bece6aea3653729d517299f9c5e83bf7d23319cd - SHIFTPHONES/kernel/common

commit	bece6aea3653729d517299f9c5e83bf7d23319cd	[log] [tgz]
author	Lee Gibson <leegib@gmail.com>	Mon Apr 19 15:58:42 2021 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Wed May 19 10:12:58 2021 +0200
tree	d6f62af1a48158dc15eb0d6972541bdf87f119ec
parent	ededc7325dc204db4cfdfe9325c5543f0d9a5c05 [diff]

qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth

[ Upstream commit 130f634da1af649205f4a3dd86cbe5c126b57914 ]

Function qtnf_event_handle_external_auth calls memcpy without
checking the length.
A user could control that length and trigger a buffer overflow.
Fix by checking the length is within the maximum allowed size.

Signed-off-by: Lee Gibson <leegib@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210419145842.345787-1-leegib@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/net/wireless/quantenna/qtnfmac/event.c[diff]

1 file changed

tree: d6f62af1a48158dc15eb0d6972541bdf87f119ec