Re: [PATCH v2] rtlwifi: Fix potential overflow on P2P code

From: Kalle Valo
Date: Wed Oct 23 2019 - 06:31:13 EST


Laura Abbott <labbott@xxxxxxxxxx> wrote:

> Nicolas Waisman noticed that even though noa_len is checked for
> a compatible length it's still possible to overrun the buffers
> of p2pinfo since there's no check on the upper bound of noa_num.
> Bound noa_num against P2P_MAX_NOA_NUM.
>
> Reported-by: Nicolas Waisman <nico@xxxxxxxxxx>
> Signed-off-by: Laura Abbott <labbott@xxxxxxxxxx>
> Acked-by: Ping-Ke Shih <pkshih@xxxxxxxxxxx>

Patch applied to wireless-drivers.git, thanks.

8c55dedb795b rtlwifi: Fix potential overflow on P2P code

--
https://patchwork.kernel.org/patch/11198315/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches