lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue,  8 Dec 2020 07:33:47 +0000 (UTC)
From:   Kalle Valo <kvalo@...eaurora.org>
To:     Xiaohui Zhang <ruc_zhangxiaohui@....com>
Cc:     Xiaohui Zhang <ruc_zhangxiaohui@....com>,
        Amitkumar Karwar <amitkarwar@...il.com>,
        Ganapathi Bhat <ganapathi.bhat@....com>,
        Xinming Hu <huxinming820@...il.com>, davem@...emloft.net,
        Jakub Kicinski <kuba@...nel.org>,
        linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] mwifiex: Fix possible buffer overflows in
 mwifiex_cmd_802_11_ad_hoc_start

Xiaohui Zhang <ruc_zhangxiaohui@....com> wrote:

> From: Zhang Xiaohui <ruc_zhangxiaohui@....com>
> 
> mwifiex_cmd_802_11_ad_hoc_start() calls memcpy() without checking
> the destination size may trigger a buffer overflower,
> which a local user could use to cause denial of service
> or the execution of arbitrary code.
> Fix it by putting the length check before calling memcpy().
> 
> Signed-off-by: Zhang Xiaohui <ruc_zhangxiaohui@....com>

Patch applied to wireless-drivers-next.git, thanks.

5c455c5ab332 mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start

-- 
https://patchwork.kernel.org/project/linux-wireless/patch/20201206084801.26479-1-ruc_zhangxiaohui@163.com/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Powered by blists - more mailing lists