diff options
author | Laura Abbott <labbott@redhat.com> | 2019-10-18 07:43:21 -0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-11-06 12:09:22 +0100 |
commit | 3da8d0e777fa8a0934a288b115373cf12d7800f8 (patch) | |
tree | 71003fb150e59963b4a91468a459b533046233c7 /README | |
parent | 1cdb53607683a4fa8625a3f3eb65e5d9f4572166 (diff) |
rtlwifi: Fix potential overflow on P2P code
commit 8c55dedb795be8ec0cf488f98c03a1c2176f7fb1 upstream.
Nicolas Waisman noticed that even though noa_len is checked for
a compatible length it's still possible to overrun the buffers
of p2pinfo since there's no check on the upper bound of noa_num.
Bound noa_num against P2P_MAX_NOA_NUM.
Reported-by: Nicolas Waisman <nico@semmle.com>
Signed-off-by: Laura Abbott <labbott@redhat.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions