projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 14e6e35) | patch
staging: rtl8723au: Fix buffer overflow in rtw_get_wfd_ie()
authorJes Sorensen <Jes.Sorensen@redhat.com>
Tue, 15 Apr 2014 17:43:20 +0000 (19:43 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 15 Apr 2014 22:34:40 +0000 (15:34 -0700)
commitf5d197b614d8fbc5c25307e7eff1d663653966fa
treeb48cd1c72b99e0e8fcb50a53d09fe2e56518e6a4tree | snapshot (tar.gz zip)
parent14e6e35d04995c118f41582299f6861ab209bdb3commit | diff
staging: rtl8723au: Fix buffer overflow in rtw_get_wfd_ie()

Add bounds checking to not allow WFD Information Elements larger than
128, and make sure we use the correct buffer size MAX_WFD_IE_LEN
instea of hardcoding the size.

This also simplifies rtw_get_wfd_ie() by using the cfg80211
infrastructure.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/rtl8723au/core/rtw_ieee80211.c diff | blob | blame | history
drivers/staging/rtl8723au/core/rtw_mlme_ext.c diff | blob | blame | history
drivers/staging/rtl8723au/core/rtw_p2p.c diff | blob | blame | history
drivers/staging/rtl8723au/core/rtw_wlan_util.c diff | blob | blame | history