projects / platform / kernel / linux-rpi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8b0f925) | patch
iwlwifi: fix debug TLV parsing
authorJohannes Berg <johannes.berg@intel.com>
Fri, 10 Dec 2021 09:12:41 +0000 (11:12 +0200)
committerLuca Coelho <luciano.coelho@intel.com>
Tue, 21 Dec 2021 10:35:05 +0000 (12:35 +0200)
commitccbffd690ec21b0891bf437ef5df9e5c63e0a980
treeb0736e26a6f1d74c1b5d313a73765f941bc39ea7tree | snapshot
parent8b0f92549f2c2458200935c12a2e2a6e80234cf5commit | diff
iwlwifi: fix debug TLV parsing

Debug TLV parsing was missing size checks, so if a valid but
too short TLV was encountered, it would attempt to read it.
If the firmware file was arranged to be a multiple of pages
long with this happening just before the end, it could crash
reading out-of-bounds of a vmalloc area.

Fix this by adding the relevant size check.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211210110539.84848da8067f.Ifb4f80c95d283ec62e495a7928069af711b5fee2@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c diff | blob | history
Domain: System / Kernel;