rtlwifi: Fix potential overflow on P2P code - kernel/linux.git

diff options

author	Laura Abbott <labbott@redhat.com>	2019-10-18 14:43:21 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-11-06 15:06:21 +0300
commit	64efcbc7a5a3c7a14e42ccf7b8a7e7667d672a33 (patch)
tree	76929538c009daf11d6567cf2257b389e6247bfb /drivers/soc
parent	a8166916152825d84bff2d94d6c7bce2d703b9df (diff)
download	linux-64efcbc7a5a3c7a14e42ccf7b8a7e7667d672a33.tar.xz

rtlwifi: Fix potential overflow on P2P code

commit 8c55dedb795be8ec0cf488f98c03a1c2176f7fb1 upstream. Nicolas Waisman noticed that even though noa_len is checked for a compatible length it's still possible to overrun the buffers of p2pinfo since there's no check on the upper bound of noa_num. Bound noa_num against P2P_MAX_NOA_NUM. Reported-by: Nicolas Waisman <nico@semmle.com> Signed-off-by: Laura Abbott <labbott@redhat.com> Acked-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'drivers/soc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: