linux/net
Luciano Coelho 57a27e1d6a nl80211: fix overflow in ssid_len
When one of the SSID's length passed in a scan or sched_scan request
is larger than 255, there will be an overflow in the u8 that is used
to store the length before checking.  This causes the check to fail
and we overrun the buffer when copying the SSID.

Fix this by checking the nl80211 attribute length before copying it to
the struct.

This is a follow up for the previous commit
208c72f4fe, which didn't fix the problem
entirely.

Reported-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-06-07 14:19:07 -04:00
..
9p Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
802 snap: remove one synchronize_net() 2011-05-23 16:29:24 -04:00
8021q net:8021q:vlan.c Fix pr_info to just give the vlan fullname and version. 2011-05-26 14:55:51 -04:00
appletalk appletalk: Fix OOPS in atalk_release(). 2011-03-31 18:59:10 -07:00
atm atm: expose ATM device index in sysfs 2011-05-27 13:07:21 -04:00
ax25 ax25: Fix set-but-unused variable. 2011-04-17 00:48:31 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
bluetooth bluetooth l2cap: fix locking in l2cap_global_chan_by_psm 2011-06-01 14:35:54 -04:00
bridge Merge branch 'pablo/nf-2.6-updates' of git://1984.lsi.us.es/net-2.6 2011-05-27 13:04:40 -04:00
caif caif: Plug memory leak for checksum error 2011-05-22 20:11:49 -04:00
can can: convert to %pK for kptr_restrict support 2011-05-26 14:23:35 -04:00
ceph libceph: fix ceph_osdc_alloc_request error checks 2011-05-03 09:28:13 -07:00
core net: Kill ratelimit.h dependency in linux/net.h 2011-05-27 13:41:33 -04:00
dcb net: dcbnl: Update copyright dates 2011-03-14 17:02:42 -07:00
dccp ipv4: Make caller provide flowi4 key to inet_csk_route_req(). 2011-05-18 18:32:03 -04:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
dns_resolver DNS: Fix a NULL pointer deref when trying to read an error key [CVE-2011-1076] 2011-03-04 09:56:19 +11:00
dsa Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-05 14:59:02 -07:00
econet econet: Fix set-but-unused variable. 2011-04-17 00:15:22 -07:00
ethernet eth: fix new kernel-doc warning 2011-01-12 19:00:40 -08:00
ieee802154 ieee802154: Remove hacked CFLAGS in net/ieee802154/Makefile 2011-04-12 15:33:23 -07:00
ipv4 inetpeer: fix race in unused_list manipulations 2011-05-27 13:39:11 -04:00
ipv6 net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda irda: Fix error propagation in ircomm_lmp_connect_response() 2011-05-19 18:58:39 -04:00
iucv convert old cpumask API into new one 2011-05-13 14:55:21 -04:00
key net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
lapb
llc llc: Fix length check in llc_fixup_skb(). 2011-04-11 18:59:05 -07:00
mac80211 Revert "mac80211: stop queues before rate control updation" 2011-06-07 14:03:08 -04:00
netfilter IPVS: bug in ip_vs_ftp, same list heaad used in all netns. 2011-05-27 13:37:46 +02:00
netlabel Remove prefetch() from <linux/skbuff.h> and "netlabel_addrlist.h" 2011-05-22 21:43:41 -07:00
netlink net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
netrom NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls 2011-04-14 00:20:07 -07:00
packet net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
phonet net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
rds Fix common misspellings 2011-03-31 11:26:23 -03:00
rfkill net: rfkill: add generic gpio rfkill driver 2011-05-19 13:53:54 -04:00
rose NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls 2011-04-14 00:20:07 -07:00
rxrpc rxrpc: Fix set but unused variable 'usage' in rxrpc_get_transport() 2011-05-19 18:51:50 -04:00
sched sch_sfq: fix peek() implementation 2011-05-25 17:55:32 -04:00
sctp sctp: fix memory leak of the ASCONF queue when free asoc 2011-05-25 17:55:32 -04:00
sunrpc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-05-23 09:12:26 -07:00
tipc tipc: Revise timings used when sending link request messages 2011-05-10 16:04:02 -04:00
unix net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
wanrouter Fix common misspellings 2011-03-31 11:26:23 -03:00
wimax
wireless nl80211: fix overflow in ssid_len 2011-06-07 14:19:07 -04:00
x25 Fix common misspellings 2011-03-31 11:26:23 -03:00
xfrm Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-3.6 2011-05-11 14:26:58 -04:00
compat.c net: Add sendmmsg socket system call 2011-05-05 11:10:14 -07:00
Kconfig bpf: depends on MODULES 2011-04-29 10:20:53 -07:00
Makefile net: Enter net/ipv6/ even if CONFIG_IPV6=n 2011-03-07 12:50:52 -08:00
nonet.c
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
sysctl_net.c
TUNABLE