Re: [PATCH v2] qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth

From: Kalle Valo
Date: Thu Apr 22 2021 - 10:41:00 EST

Next message: Kalle Valo: "Re: [PATCH] brcmfmac: Avoid GFP_ATOMIC when GFP_KERNEL is enough"
Previous message: Kalle Valo: "Re: [PATCH][next][V2] wlcore: Fix buffer overrun by snprintf due to incorrect buffer size"
In reply to: Lee Gibson: "[PATCH v2] qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Lee Gibson <leegib@xxxxxxxxx> wrote:

> Function qtnf_event_handle_external_auth calls memcpy without
> checking the length.
> A user could control that length and trigger a buffer overflow.
> Fix by checking the length is within the maximum allowed size.
>
> Signed-off-by: Lee Gibson <leegib@xxxxxxxxx>

Patch applied to wireless-drivers-next.git, thanks.

130f634da1af qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth

--
https://patchwork.kernel.org/project/linux-wireless/patch/20210419145842.345787-1-leegib@xxxxxxxxx/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Next message: Kalle Valo: "Re: [PATCH] brcmfmac: Avoid GFP_ATOMIC when GFP_KERNEL is enough"
Previous message: Kalle Valo: "Re: [PATCH][next][V2] wlcore: Fix buffer overrun by snprintf due to incorrect buffer size"
In reply to: Lee Gibson: "[PATCH v2] qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]