Skip to content
Commit 7caac62e authored by Wen Huang's avatar Wen Huang Committed by Kalle Valo
Browse files

mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings 



mwifiex_update_vs_ie(),mwifiex_set_uap_rates() and
mwifiex_set_wmm_params() call memcpy() without checking
the destination size.Since the source is given from
user-space, this may trigger a heap buffer overflow.

Fix them by putting the length check before performing memcpy().

This fix addresses CVE-2019-14814,CVE-2019-14815,CVE-2019-14816.

Signed-off-by: default avatarWen Huang <huangwenabc@gmail.com>
Acked-by: default avatarGanapathi Bhat <gbhat@marvell.comg>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
parent 70702265
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment