| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 27 Apr 2019 16:13:09 +0100
From: Ben Hutchings <ben@...adent.org.uk>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC: akpm@...ux-foundation.org, Denis Kirjanov <kda@...ux-powerpc.org>,
"Pieter-Paul Giesberts" <pieter-paul.giesberts@...adcom.com>,
"Hante Meuleman" <hante.meuleman@...adcom.com>,
"Franky Lin" <franky.lin@...adcom.com>,
"Kalle Valo" <kvalo@...eaurora.org>,
"Arend van Spriel" <arend.vanspriel@...adcom.com>
Subject: [PATCH 3.16 192/202] brcmfmac: assure SSID length from firmware
is limited
3.16.66-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Arend van Spriel <arend.vanspriel@...adcom.com>
commit 1b5e2423164b3670e8bc9174e4762d297990deff upstream.
The SSID length as received from firmware should not exceed
IEEE80211_MAX_SSID_LEN as that would result in heap overflow.
Reviewed-by: Hante Meuleman <hante.meuleman@...adcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@...adcom.com>
Reviewed-by: Franky Lin <franky.lin@...adcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@...adcom.com>
Signed-off-by: Kalle Valo <kvalo@...eaurora.org>
[bwh: Backported to 3.16: adjust filename, context]
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
@@ -3082,6 +3082,8 @@ brcmf_notify_sched_scan_results(struct b
brcmf_dbg(SCAN, "SSID:%s Channel:%d\n",
netinfo->SSID, netinfo->channel);
+ if (netinfo->SSID_len > IEEE80211_MAX_SSID_LEN)
+ netinfo->SSID_len = IEEE80211_MAX_SSID_LEN;
memcpy(ssid[i].ssid, netinfo->SSID, netinfo->SSID_len);
ssid[i].ssid_len = netinfo->SSID_len;
request->n_ssids++;
Powered by blists - more mailing lists