Re: [PATCH] qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth

From: Kalle Valo
Date: Sat Apr 17 2021 - 13:24:29 EST


Lee Gibson <leegib@xxxxxxxxx> wrote:

> Function qtnf_event_handle_external_auth calls memcpy without
> checking the length.
> A user could control that length and trigger a buffer overflow.
> Fix by checking the length is within the maximum allowed size.
>
> Signed-off-by: Lee Gibson <leegib@xxxxxxxxx>

Please use clamp_val() instead, that's preferred over min_t().

Patch set to Changes Requested.

--
https://patchwork.kernel.org/project/linux-wireless/patch/20210317121706.389058-1-leegib@xxxxxxxxx/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches