aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordataanddreams <dataanddreams@gmail.com>2015-12-04 10:28:53 -0500
committerWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2016-03-18 01:51:05 +0100
commitcbfc7fd3baa2b525bf0534f678a59c2e4c88c71c (patch)
tree1a29c39051b11c04fe9b8ac44873fa5cabb3998b
parent4c35eb21cf8b9b700e85562074c44aeb9952d897 (diff)
downloadkernel_samsung_smdk4412-cbfc7fd3baa2b525bf0534f678a59c2e4c88c71c.zip
kernel_samsung_smdk4412-cbfc7fd3baa2b525bf0534f678a59c2e4c88c71c.tar.gz
kernel_samsung_smdk4412-cbfc7fd3baa2b525bf0534f678a59c2e4c88c71c.tar.bz2
net: wireless: bcmdhd: Add checks for stack buffer overflows
These two checks prevent exploitable buffer overflows in two scenarios. 1. Long WPS_ID_DEVICE_NAME in WPS info elements 2. Invalid SSID determined in certain scan results Bug: 25661991 Change-Id: I356c71b3ccda765b03a1a380c39e199c3c3e3261 Signed-off-by: Yuan Lin <yualin@google.com>
Diffstat
-rw-r--r--drivers/net/wireless/bcmdhd/wl_cfg80211.c5
1 files changed, 0 insertions, 5 deletions
diff --git a/drivers/net/wireless/bcmdhd/wl_cfg80211.c b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
index 5073913..ba000ef 100644
--- a/drivers/net/wireless/bcmdhd/wl_cfg80211.c
+++ b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
@@ -9095,11 +9095,6 @@ wl_notify_sched_scan_results(struct bcm_cfg80211 *cfg, struct net_device *ndev,
memcpy(ssid[i].ssid, netinfo->pfnsubnet.SSID, ssid[i].ssid_len);
request->n_ssids++;
- memcpy(ssid[i].ssid, netinfo->pfnsubnet.SSID,
- netinfo->pfnsubnet.SSID_len);
- ssid[i].ssid_len = netinfo->pfnsubnet.SSID_len;
- request->n_ssids++;
-
channel_req = netinfo->pfnsubnet.channel;
band = (channel_req <= CH_MAX_2G_CHANNEL) ? NL80211_BAND_2GHZ
: NL80211_BAND_5GHZ;
generated by cgit v1.1 at 2024-04-29 09:20:46 +0000