review.tizen.org Git - platform/kernel/linux-rpi.git/commit

projects / platform / kernel / linux-rpi.git / commit

author	Laura Abbott <labbott@redhat.com>
	Fri, 18 Oct 2019 11:43:21 +0000 (07:43 -0400)
committer	Kalle Valo <kvalo@codeaurora.org>
	Wed, 23 Oct 2019 10:30:51 +0000 (13:30 +0300)
commit	8c55dedb795be8ec0cf488f98c03a1c2176f7fb1
tree	c1033b946d3c8ef7328e5204ab460dc25ef165d1	tree \| snapshot
parent	7cded5658329dd26b9a80d4a6de2665bf93e9006	commit \| diff

rtlwifi: Fix potential overflow on P2P code

Nicolas Waisman noticed that even though noa_len is checked for
a compatible length it's still possible to overrun the buffers
of p2pinfo since there's no check on the upper bound of noa_num.
Bound noa_num against P2P_MAX_NOA_NUM.

Reported-by: Nicolas Waisman <nico@semmle.com>
Signed-off-by: Laura Abbott <labbott@redhat.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

drivers/net/wireless/realtek/rtlwifi/ps.c

diff | blob | history

Domain: System / Kernel;

RSS Atom