mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/drivers/staging/rtl8712
History
Dan Carpenter 7dce6b0ee7 staging: rtl8712: fix use after free bugs 
commit e230a4455a upstream.

_Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl()
functions don't do anything except free the "pcmd" pointer.  It
results in a use after free.  Delete them.

Fixes: 2865d42c78 ("staging: r8712u: Add the new driver to the mainline kernel")
Cc: stable <stable@kernel.org>
Reported-by: Zheng Wang <hackerzheng666@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/Yw4ASqkYcUhUfoY2@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2022-09-15 12:39:44 +02:00
..
Kconfig
Makefile
TODO
basic_types.h
drv_types.h
ethernet.h
hal_init.c
ieee80211.c staging: rtl8712: Fixed multiple parenthesis alignment warnings in ieee80211.c 2016-08-21 18:26:45 +02:00
ieee80211.h staging: rtl8712u: Fix endian settings for structs describing network packets 2017-11-08 10:08:34 +01:00
mlme_linux.c staging: rtl8712: Fix possible buffer overrun 2018-12-13 09:20:29 +01:00
mlme_osdep.h
mp_custom_oid.h
os_intfs.c staging: rtl8712: delete one space before if statement 2016-09-02 14:55:54 +02:00
osdep_intf.h rtl8712: intf_priv: Replace semaphore lock with completion 2016-08-21 18:25:47 +02:00
osdep_service.h rtl8712: pwrctrl_priv: Replace semaphore lock with mutex 2016-09-01 17:44:01 +02:00
recv_linux.c staging: r8712u: Fix leak of skb 2016-08-21 18:28:49 +02:00
recv_osdep.h
rtl871x_cmd.c staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd 2021-03-17 16:10:17 +01:00
rtl871x_cmd.h staging: rtl8712: fix block comments 2016-09-13 14:51:53 +02:00
rtl871x_debug.h
rtl871x_eeprom.c
rtl871x_eeprom.h
rtl871x_event.h
rtl871x_ht.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_io.c
rtl871x_io.h
rtl871x_ioctl.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_ioctl_linux.c staging: rtl8712: unterminated string leads to read overflow 2021-03-17 16:10:16 +01:00
rtl871x_ioctl_rtl.c
rtl871x_ioctl_rtl.h
rtl871x_ioctl_set.c staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_ioctl_set.h
rtl871x_led.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_mlme.c staging: rtl8712: Fix possible buffer overrun 2018-12-13 09:20:29 +01:00
rtl871x_mlme.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_mp.c staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_mp.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_mp_ioctl.c
rtl871x_mp_ioctl.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_mp_phy_regdef.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_pwrctrl.c staging: rtl8712: fix double lock bug in SetPSModeWorkItemCallback() 2016-09-16 10:05:13 +02:00
rtl871x_pwrctrl.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_recv.c staging: rtl: fix possible NULL pointer dereference 2017-03-12 06:41:42 +01:00
rtl871x_recv.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_rf.h
rtl871x_security.c
rtl871x_security.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_sta_mgt.c staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl871x_wlan_sme.h
rtl871x_xmit.c staging: r8712u: Fix Sparse warning in rtl871x_xmit.c 2017-11-08 10:08:37 +01:00
rtl871x_xmit.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl8712_bitdef.h
rtl8712_cmd.c staging: rtl8712: fix use after free bugs 2022-09-15 12:39:44 +02:00
rtl8712_cmd.h staging: rtl8712: uninitialized memory in read_bbreg_hdl() 2019-05-04 08:49:08 +02:00
rtl8712_cmdctrl_bitdef.h
rtl8712_cmdctrl_regdef.h
rtl8712_debugctrl_bitdef.h
rtl8712_debugctrl_regdef.h
rtl8712_edcasetting_bitdef.h
rtl8712_edcasetting_regdef.h
rtl8712_efuse.c Staging: rtl8712: rtl8712_efuse: Use !x instead of x == NULL. 2016-09-20 13:37:59 +02:00
rtl8712_efuse.h
rtl8712_event.h
rtl8712_fifoctrl_bitdef.h
rtl8712_fifoctrl_regdef.h
rtl8712_gp_bitdef.h
rtl8712_gp_regdef.h
rtl8712_hal.h
rtl8712_interrupt_bitdef.h
rtl8712_io.c
rtl8712_led.c staging: rtl8712: Change _LED_STATE enum in rtl871x driver to avoid conflicts with LED namespace 2016-09-28 11:36:45 +02:00
rtl8712_macsetting_bitdef.h
rtl8712_macsetting_regdef.h
rtl8712_powersave_bitdef.h
rtl8712_powersave_regdef.h
rtl8712_ratectrl_bitdef.h
rtl8712_ratectrl_regdef.h
rtl8712_recv.c Fixes: 3d44a78f0d ("staging: rtl8712: Remove unnecessary 'else'") 2016-09-28 08:10:36 +02:00
rtl8712_recv.h staging: rtl8712: fix block comments 2016-09-13 14:51:53 +02:00
rtl8712_regdef.h
rtl8712_security_bitdef.h
rtl8712_spec.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl8712_syscfg_bitdef.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
rtl8712_syscfg_regdef.h
rtl8712_timectrl_bitdef.h
rtl8712_timectrl_regdef.h
rtl8712_wmac_bitdef.h
rtl8712_wmac_regdef.h
rtl8712_xmit.c Staging: rtl8712: rtl8712_xmit: Use !x instead of x == NULL 2016-09-20 13:38:00 +02:00
rtl8712_xmit.h
sta_info.h
usb_halinit.c staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
usb_intf.c staging: rtl8712: fix uninit-value in r871xu_drv_init() 2022-06-14 16:52:40 +02:00
usb_ops.c
usb_ops.h
usb_ops_linux.c staging: r8712u: fix control-message timeout 2021-11-12 13:18:02 +01:00
usb_osintf.h
wifi.h staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 2020-06-11 09:22:22 +02:00
wlan_bssdef.h staging: rtl8712: checkpatch cleanup: block comments using a trailing */ 2016-09-12 11:43:52 +02:00
xmit_linux.c staging: r8712u: Handle some false positives from kmemleak 2016-08-21 18:28:49 +02:00
xmit_osdep.h