forked from luck/tmp_suning_uos_patched
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
This code has a check to prevent read overflow but it needs another
check to prevent writing beyond the end of the ->Ssid[] array.
Fixes: 554c0a3abf
("staging: Add rtl8723bs sdio wifi driver")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
a8f4d63142
commit
c06e5f751a
|
@ -1351,9 +1351,11 @@ static int rtw_wx_set_scan(struct net_device *dev, struct iw_request_info *a,
|
|||
|
||||
sec_len = *(pos++); len -= 1;
|
||||
|
||||
if (sec_len > 0 && sec_len <= len) {
|
||||
if (sec_len > 0 &&
|
||||
sec_len <= len &&
|
||||
sec_len <= 32) {
|
||||
ssid[ssid_index].SsidLength = sec_len;
|
||||
memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength);
|
||||
memcpy(ssid[ssid_index].Ssid, pos, sec_len);
|
||||
/* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */
|
||||
/* , ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */
|
||||
ssid_index++;
|
||||
|
|
Loading…
Reference in New Issue
Block a user