diff options
author | dataanddreams <dataanddreams@gmail.com> | 2015-12-04 10:28:53 -0500 |
---|---|---|
committer | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2016-03-18 01:51:05 +0100 |
commit | cbfc7fd3baa2b525bf0534f678a59c2e4c88c71c (patch) | |
tree | 1a29c39051b11c04fe9b8ac44873fa5cabb3998b | |
parent | 4c35eb21cf8b9b700e85562074c44aeb9952d897 (diff) | |
download | kernel_samsung_smdk4412-cbfc7fd3baa2b525bf0534f678a59c2e4c88c71c.zip kernel_samsung_smdk4412-cbfc7fd3baa2b525bf0534f678a59c2e4c88c71c.tar.gz kernel_samsung_smdk4412-cbfc7fd3baa2b525bf0534f678a59c2e4c88c71c.tar.bz2 |
net: wireless: bcmdhd: Add checks for stack buffer overflows
These two checks prevent exploitable buffer overflows in two scenarios.
1. Long WPS_ID_DEVICE_NAME in WPS info elements
2. Invalid SSID determined in certain scan results
Bug: 25661991
Change-Id: I356c71b3ccda765b03a1a380c39e199c3c3e3261
Signed-off-by: Yuan Lin <yualin@google.com>
-rw-r--r-- | drivers/net/wireless/bcmdhd/wl_cfg80211.c | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/drivers/net/wireless/bcmdhd/wl_cfg80211.c b/drivers/net/wireless/bcmdhd/wl_cfg80211.c index 5073913..ba000ef 100644 --- a/drivers/net/wireless/bcmdhd/wl_cfg80211.c +++ b/drivers/net/wireless/bcmdhd/wl_cfg80211.c @@ -9095,11 +9095,6 @@ wl_notify_sched_scan_results(struct bcm_cfg80211 *cfg, struct net_device *ndev, memcpy(ssid[i].ssid, netinfo->pfnsubnet.SSID, ssid[i].ssid_len); request->n_ssids++; - memcpy(ssid[i].ssid, netinfo->pfnsubnet.SSID, - netinfo->pfnsubnet.SSID_len); - ssid[i].ssid_len = netinfo->pfnsubnet.SSID_len; - request->n_ssids++; - channel_req = netinfo->pfnsubnet.channel; band = (channel_req <= CH_MAX_2G_CHANNEL) ? NL80211_BAND_2GHZ : NL80211_BAND_5GHZ; |