mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() - kernel/linux.git

diff options

author	Qing Xu <m1s5p6688@gmail.com>	2020-01-02 05:39:27 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2020-02-15 00:32:24 +0300
commit	43e189049f32740c0d015f43a407658ac53d1743 (patch)
tree	11a3d06330da2a84c187c60eabd618a92ceaa29a /Documentation
parent	49e9f1057ef968af57a62860697898cb35246936 (diff)
download	linux-43e189049f32740c0d015f43a407658ac53d1743.tar.xz

mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()

[ Upstream commit b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d ] mwifiex_cmd_append_vsie_tlv() calls memcpy() without checking the destination size may trigger a buffer overflower, which a local user could use to cause denial of service or the execution of arbitrary code. Fix it by putting the length check before calling memcpy(). Signed-off-by: Qing Xu <m1s5p6688@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'Documentation')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: