Re: [PATCH 1/1] mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start

From: Kalle Valo
Date: Tue Dec 08 2020 - 02:34:23 EST

Next message: Minas Harutyunyan: "Re: [PATCH] usb: dwc2: Remove redundant null check before clk_prepare_enable/clk_disable_unprepare"
Previous message: Geert Uytterhoeven: "Re: [GIT PULL] ARM: SoC fixes for v5.10, part 3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Xiaohui Zhang <ruc_zhangxiaohui@xxxxxxx> wrote:

> From: Zhang Xiaohui <ruc_zhangxiaohui@xxxxxxx>
>
> mwifiex_cmd_802_11_ad_hoc_start() calls memcpy() without checking
> the destination size may trigger a buffer overflower,
> which a local user could use to cause denial of service
> or the execution of arbitrary code.
> Fix it by putting the length check before calling memcpy().
>
> Signed-off-by: Zhang Xiaohui <ruc_zhangxiaohui@xxxxxxx>

Patch applied to wireless-drivers-next.git, thanks.

5c455c5ab332 mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start

--
https://patchwork.kernel.org/project/linux-wireless/patch/20201206084801.26479-1-ruc_zhangxiaohui@xxxxxxx/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Next message: Minas Harutyunyan: "Re: [PATCH] usb: dwc2: Remove redundant null check before clk_prepare_enable/clk_disable_unprepare"
Previous message: Geert Uytterhoeven: "Re: [GIT PULL] ARM: SoC fixes for v5.10, part 3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]