brcmfmac: add length check in brcmf_cfg80211_escan_handler() - kernel/linux.git

diff options

author	Arend Van Spriel <arend.vanspriel@broadcom.com>	2017-09-12 11:47:53 +0300
committer	Kalle Valo <kvalo@codeaurora.org>	2017-09-20 07:46:29 +0300
commit	17df6453d4be17910456e99c5a85025aa1b7a246 (patch)
tree	ef84bc921d2e6fda33f14a1c5e3af899674bbc33 /tools/perf/scripts/python/syscall-counts.py
parent	4c707c04f622a7a8570a8db6389e5a2310b92195 (diff)
download	linux-17df6453d4be17910456e99c5a85025aa1b7a246.tar.xz

brcmfmac: add length check in brcmf_cfg80211_escan_handler()

Upon handling the firmware notification for scans the length was checked properly and may result in corrupting kernel heap memory due to buffer overruns. This fix addresses CVE-2017-0786. Cc: stable@vger.kernel.org # v4.0.x Cc: Kevin Cernekee <cernekee@chromium.org> Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Diffstat (limited to 'tools/perf/scripts/python/syscall-counts.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: