cfg80211: check vendor IE length to avoid overrun - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Luciano Coelho <[email protected]>	2013-02-12 20:11:38 +0200
committer	Johannes Berg <[email protected]>	2013-02-13 10:14:17 +0100
commit	6719429dd61cde1fe30d9644d0aa2369eefc9005 (patch)
tree	5318edf7523b03cb3c34f2824985dc246231a053 /scripts/objdiff
parent	bb92d19983a4b54be3e3b83441a8076d92cd04bc (diff)

cfg80211: check vendor IE length to avoid overrun

cfg80211_find_vendor_ie() was checking only that the vendor IE would fit in the remaining IEs buffer. If a corrupt includes a vendor IE that is too small, we could potentially overrun the IEs buffer. Fix this by checking that the vendor IE fits in the reported IE length field and skip it otherwise. Reported-by: Jouni Malinen <[email protected]> Signed-off-by: Luciano Coelho <[email protected]> [change BUILD_BUG_ON to != 1 (from >= 2)] Signed-off-by: Johannes Berg <[email protected]>

Diffstat (limited to 'scripts/objdiff')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: