Skip to content
Commit 48247f7e authored by Qing Xu's avatar Qing Xu Committed by Greg Kroah-Hartman
Browse files

mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()



[ Upstream commit b70261a2 ]

mwifiex_cmd_append_vsie_tlv() calls memcpy() without checking
the destination size may trigger a buffer overflower,
which a local user could use to cause denial of service
or the execution of arbitrary code.
Fix it by putting the length check before calling memcpy().

Signed-off-by: default avatarQing Xu <m1s5p6688@gmail.com>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent fab5ca79
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment