android_kernel_zuk_msm8996.git

diff options

author	Wen Huang <huangwenabc@gmail.com>	2019-08-28 10:07:51 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-09-21 07:12:48 +0200
commit	851224e62b5525f0a87a171905e5c144e1899cd2 (patch)
tree	1bff1816bafc2807629878959485dd202f2251e9 /arch/s390/net/bpf_jit_comp.c
parent	441bb21e68de0ee84e974bb0127bebf9aa1c007b (diff)

mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings

commit 7caac62ed598a196d6ddf8d9c121e12e082cac3a upstream. mwifiex_update_vs_ie(),mwifiex_set_uap_rates() and mwifiex_set_wmm_params() call memcpy() without checking the destination size.Since the source is given from user-space, this may trigger a heap buffer overflow. Fix them by putting the length check before performing memcpy(). This fix addresses CVE-2019-14814,CVE-2019-14815,CVE-2019-14816. Signed-off-by: Wen Huang <huangwenabc@gmail.com> Acked-by: Ganapathi Bhat <gbhat@marvell.comg> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'arch/s390/net/bpf_jit_comp.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: