Google Git
Sign in
android / kernel / common / ee33af324931688a75bcc741f1b6cfbeb4584596
commitee33af324931688a75bcc741f1b6cfbeb4584596[log] [tgz]
authorLaura Abbott <labbott@redhat.com>Fri Oct 18 07:43:21 2019 -0400
committerGreg Kroah-Hartman <gregkh@google.com>Sat Oct 26 17:05:09 2019 +0200
tree0b472e443973a12a86af3b3b5c75ca7492fb644a
parent5b3b15827c1bab3935b489216c992bdf489546e7 [diff]
rtlwifi: Fix potential overflow on P2P code

commit 8c55dedb795be8ec0cf488f98c03a1c2176f7fb1 upstream.

Nicolas Waisman noticed that even though noa_len is checked for
a compatible length it's still possible to overrun the buffers
of p2pinfo since there's no check on the upper bound of noa_num.
Bound noa_num against P2P_MAX_NOA_NUM.

Bug: 142967706
Reported-by: Nicolas Waisman <nico@semmle.com>
Signed-off-by: Laura Abbott <labbott@redhat.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I90a9b285feb50b6b5c30e242756d47848902b634
1 file changed
tree: 0b472e443973a12a86af3b3b5c75ca7492fb644a
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. build.config.aarch64
  31. build.config.common
  32. build.config.cuttlefish.aarch64
  33. build.config.cuttlefish.x86_64
  34. build.config.x86_64
  35. COPYING
  36. CREDITS
  37. Kbuild
  38. Kconfig
  39. MAINTAINERS
  40. Makefile
  41. README