lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Dec 2009 20:01:15 -0500 From: "John W. Linville" <linville@...driver.com> To: Daniel Mack <daniel@...aq.de> Cc: Dan Williams <dcbw@...hat.com>, linux-kernel@...r.kernel.org, Holger Schurig <holgerschurig@...il.com>, Stephen Hemminger <shemminger@...tta.com>, Maithili Hinge <maithili@...vell.com>, Kiran Divekar <dkiran@...vell.com>, Michael Hirsch <m.hirsch@...mfeld.com>, netdev@...r.kernel.org, libertas-dev@...ts.infradead.org, linux-wireless@...r.kernel.org, stable@...nel.org Subject: Re: [PATCH] Libertas: fix buffer overflow in lbs_get_essid() On Thu, Dec 17, 2009 at 07:15:08AM +0800, Daniel Mack wrote: > On Wed, Dec 16, 2009 at 08:57:47AM -0800, Dan Williams wrote: > > On Wed, 2009-12-16 at 05:12 +0100, Daniel Mack wrote: > > > The libertas driver copies the SSID buffer back to the wireless core and > > > appends a trailing NULL character for termination. This is > > > > > > a) unnecessary because the buffer is allocated with kzalloc and is hence > > > already NULLed when this function is called, and > > > > > > b) for priv->curbssparams.ssid_len == 32, it writes back one byte too > > > much which causes memory corruptions. > > > > > > Fix this by removing the extra write. > > > > Acked-by: Dan Williams <dcbw@...hat.com> > > Thanks, everyone. Who will care to pick an queue this one? Is there some reason it wouldn't be me? John -- John W. Linville Someday the world will need a hero, and you linville@...driver.com might be all we have. Be ready. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists