Re: [PATCH v2] rtlwifi: Fix potential overflow on P2P code
From: Kalle Valo
Date: Sat Oct 19 2019 - 06:57:44 EST
Pkshih <pkshih@xxxxxxxxxxx> writes:
> On Fri, 2019-10-18 at 07:43 -0400, Laura Abbott wrote:
>> Nicolas Waisman noticed that even though noa_len is checked for
>> a compatible length it's still possible to overrun the buffers
>> of p2pinfo since there's no check on the upper bound of noa_num.
>> Bound noa_num against P2P_MAX_NOA_NUM.
>>
>> Reported-by: Nicolas Waisman <nico@xxxxxxxxxx>
>> Signed-off-by: Laura Abbott <labbott@xxxxxxxxxx>
>
> Acked-by: Ping-Ke Shih <pkshih@xxxxxxxxxxx>
> and Please CC to stable
> Cc: Stable <stable@xxxxxxxxxxxxxxx> # 4.4+
>
> ---
>
> Hi Kalle,
>
> This bug was existing since v3.10, and directory of wireless drivers were
> moved at v4.4. Do I need send another patch to fix this issue for longterm
> kernel v3.16.75?
Yeah, I think you need to send a separate patch to the stable list
(after this commit is in Linus' tree).
--
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches