projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 599a2c0)
staging/rtl8192e: userspace ptr deref + incorrect declarations
authorDominique van den Broeck <domdevlin@free.fr>
Sun, 4 May 2014 14:46:27 +0000 (16:46 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 23 May 2014 11:25:54 +0000 (20:25 +0900)
. userspace pointer dereference ;

These issues have been fixed by a concurrent patch:
. missing inclusions of needed header files (fixed by concurrent patch);
. unrequired static function declaration (confusing another *.c file).

Signed-off-by: Dominique van den Broeck <domdevlin@free.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/rtl8192e/rtl8192e/rtl_wx.c patch | blob | history

diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c b/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c
index de76097..5287004 100644 (file)
--- a/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c
+++ b/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c
@@ -1131,11 +1131,18 @@ static int r8192_wx_set_PromiscuousMode(struct net_device *dev,
        struct r8192_priv *priv = rtllib_priv(dev);
        struct rtllib_device *ieee = priv->rtllib;
 
-       u32 *info_buf = (u32 *)(wrqu->data.pointer);
+       u32 info_buf[3];
 
-       u32 oid = info_buf[0];
-       u32 bPromiscuousOn = info_buf[1];
-       u32 bFilterSourceStationFrame = info_buf[2];
+       u32 oid;
+       u32 bPromiscuousOn;
+       u32 bFilterSourceStationFrame;
+
+       if (copy_from_user(info_buf, wrqu->data.pointer, sizeof(info_buf)))
+               return -EFAULT;
+
+       oid = info_buf[0];
+       bPromiscuousOn = info_buf[1];
+       bFilterSourceStationFrame = info_buf[2];
 
        if (OID_RT_INTEL_PROMISCUOUS_MODE == oid) {
                ieee->IntelPromiscuousModeInfo.bPromiscuousOn =
Domain: System / Kernel;