| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_594577BB67C03CF3364296D2374E4ACA7509@qq.com>
Date: Tue, 29 Apr 2025 10:38:51 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+4bcdddd48bb6f0be0da1@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [wireless?] UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
#syz test
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index cb7079071885..e73cd9eb164e 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -1194,7 +1194,9 @@ int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata,
band == NL80211_BAND_6GHZ)
continue;
- max_n = local->hw.wiphy->bands[band]->n_channels;
+ max_n = min_t(int,
+ local->hw.wiphy->bands[band]->n_channels,
+ local->int_scan_req->n_channels);
for (i = 0; i < max_n; i++) {
struct ieee80211_channel *tmp_ch =
&local->hw.wiphy->bands[band]->channels[i];
Powered by blists - more mailing lists