From: Dominique van den Broeck Date: Sun, 4 May 2014 14:46:27 +0000 (+0200) Subject: staging/rtl8192e: userspace ptr deref + incorrect declarations X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=db4d7173c173d2e3fe5344f95131e3280a678ffa;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git staging/rtl8192e: userspace ptr deref + incorrect declarations . userspace pointer dereference ; These issues have been fixed by a concurrent patch: . missing inclusions of needed header files (fixed by concurrent patch); . unrequired static function declaration (confusing another *.c file). Signed-off-by: Dominique van den Broeck Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c b/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c index de7609716435..52870041fcb7 100644 --- a/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c +++ b/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c @@ -1131,11 +1131,18 @@ static int r8192_wx_set_PromiscuousMode(struct net_device *dev, struct r8192_priv *priv = rtllib_priv(dev); struct rtllib_device *ieee = priv->rtllib; - u32 *info_buf = (u32 *)(wrqu->data.pointer); + u32 info_buf[3]; - u32 oid = info_buf[0]; - u32 bPromiscuousOn = info_buf[1]; - u32 bFilterSourceStationFrame = info_buf[2]; + u32 oid; + u32 bPromiscuousOn; + u32 bFilterSourceStationFrame; + + if (copy_from_user(info_buf, wrqu->data.pointer, sizeof(info_buf))) + return -EFAULT; + + oid = info_buf[0]; + bPromiscuousOn = info_buf[1]; + bFilterSourceStationFrame = info_buf[2]; if (OID_RT_INTEL_PROMISCUOUS_MODE == oid) { ieee->IntelPromiscuousModeInfo.bPromiscuousOn =