mwifiex: Fix possible buffer overflows at parsing bss descriptor - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Takashi Iwai <[email protected]>	2019-05-29 14:52:19 +0200
committer	Kalle Valo <[email protected]>	2019-05-30 14:22:10 +0300
commit	13ec7f10b87f5fc04c4ccbd491c94c7980236a74 (patch)
tree	051fc20093146cd57bbaa8d8e224f08111443a8e /include/linux/debugobjects.h
parent	6aca09771db4277a78853d6ac680d8d5f0d915e3 (diff)

mwifiex: Fix possible buffer overflows at parsing bss descriptor

mwifiex_update_bss_desc_with_ie() calls memcpy() unconditionally in a couple places without checking the destination size. Since the source is given from user-space, this may trigger a heap buffer overflow. Fix it by putting the length check before performing memcpy(). This fix addresses CVE-2019-3846. Reported-by: huangwen <[email protected]> Signed-off-by: Takashi Iwai <[email protected]> Signed-off-by: Kalle Valo <[email protected]>

Diffstat (limited to 'include/linux/debugobjects.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: