Commit 9e93eb7b authored Jan 08, 2021 by Zhang Xiaohui Committed by Yang Yingliang Jan 08, 2021

mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start



mainline inclusion
from mainline-v5.11-rc1
commit 5c455c5a
category: bugfix
bugzilla: NA
CVE: CVE-2020-36158

--------------------------------

mwifiex_cmd_802_11_ad_hoc_start() calls memcpy() without checking
the destination size may trigger a buffer overflower,
which a local user could use to cause denial of service
or the execution of arbitrary code.
Fix it by putting the length check before calling memcpy().

Signed-off-by: Zhang Xiaohui <ruc_zhangxiaohui@163.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201206084801.26479-1-ruc_zhangxiaohui@163.com


Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

parent b9cd2f68

Show whitespace changes

Inline Side-by-side

Please to comment