android_kernel_zuk_msm8996.git

diff options

author	Laura Abbott <labbott@redhat.com>	2019-10-18 07:43:21 -0400
committer	Greg Kroah-Hartman <gregkh@google.com>	2019-10-26 17:12:34 +0200
commit	fdc5506932b6a6ffad1ea078e88b28ce0d2ff6ba (patch)
tree	98db039e2caedd7ac609feb3013a4d494b08a41b /net/sctp/socket.c
parent	526f5c9b7a68cf9b42ab8c47142569655ef7a579 (diff)

rtlwifi: Fix potential overflow on P2P code

commit 8c55dedb795be8ec0cf488f98c03a1c2176f7fb1 upstream. Nicolas Waisman noticed that even though noa_len is checked for a compatible length it's still possible to overrun the buffers of p2pinfo since there's no check on the upper bound of noa_num. Bound noa_num against P2P_MAX_NOA_NUM. Bug: 142967706 Reported-by: Nicolas Waisman <nico@semmle.com> Signed-off-by: Laura Abbott <labbott@redhat.com> Acked-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I90a9b285feb50b6b5c30e242756d47848902b634

Diffstat (limited to 'net/sctp/socket.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: