mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-01 06:33:07 +00:00
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
This code has a check to prevent read overflow but it needs another
check to prevent writing beyond the end of the ->Ssid[] array.
Fixes: 554c0a3abf
("staging: Add rtl8723bs sdio wifi driver")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
171ca9a781
commit
d982b07158
1 changed files with 4 additions and 2 deletions
|
@ -1438,9 +1438,11 @@ static int rtw_wx_set_scan(struct net_device *dev, struct iw_request_info *a,
|
|||
|
||||
sec_len = *(pos++); len-= 1;
|
||||
|
||||
if (sec_len>0 && sec_len<=len) {
|
||||
if (sec_len > 0 &&
|
||||
sec_len <= len &&
|
||||
sec_len <= 32) {
|
||||
ssid[ssid_index].SsidLength = sec_len;
|
||||
memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength);
|
||||
memcpy(ssid[ssid_index].Ssid, pos, sec_len);
|
||||
/* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */
|
||||
/* , ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */
|
||||
ssid_index++;
|
||||
|
|
Loading…
Reference in a new issue