Re: [PATCH v3 1/2] wifi: cw1200: Avoid processing an invalid TIM IE

From: Kalle Valo
Date: Mon Sep 18 2023 - 13:02:39 EST

Next message: Lee Jones: "Re: [PATCH] dt-bindings: mfd: armltd: Move Arm board syscon's to separate schema"
Previous message: Johan Hovold: "[PATCH RESEND] HID: i2c-hid: fix handling of unpopulated devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jeff Johnson <quic_jjohnson@xxxxxxxxxxx> wrote:

> While converting struct ieee80211_tim_ie::virtual_map to be a flexible
> array it was observed that the TIM IE processing in cw1200_rx_cb()
> could potentially process a malformed IE in a manner that could result
> in a buffer over-read. Add logic to verify that the TIM IE length is
> large enough to hold a valid TIM payload before processing it.
>
> Signed-off-by: Jeff Johnson <quic_jjohnson@xxxxxxxxxxx>

Patch applied to wireless-next.git, thanks.

b7bcea9c27b3 wifi: cw1200: Avoid processing an invalid TIM IE

--
https://patchwork.kernel.org/project/linux-wireless/patch/20230831-ieee80211_tim_ie-v3-1-e10ff584ab5d@xxxxxxxxxxx/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Next message: Lee Jones: "Re: [PATCH] dt-bindings: mfd: armltd: Move Arm board syscon's to separate schema"
Previous message: Johan Hovold: "[PATCH RESEND] HID: i2c-hid: fix handling of unpopulated devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]