leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
260a9ad944
linux/drivers/net/wireless/intel
History
Dan Carpenter 260a9ad944 ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() 
The "ext->key_len" is a u16 that comes from the user.  If it's over
SCM_KEY_LEN (32) that could lead to memory corruption.

Fixes: e0d369d1d9 ("[PATCH] ieee82011: Added WE-18 support to default wireless extension handler")
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Stanislav Yakovlev <stas.yakovlev@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/YHaoA1i+8uT4ir4h@mwanda
2021-04-17 20:35:44 +03:00
..
ipw2x00 ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() 2021-04-17 20:35:44 +03:00
iwlegacy iwlegacy: avoid -Wempty-body warning 2021-04-11 12:31:01 +03:00
iwlwifi iwlwifi: dbg: disable ini debug in 9000 family and below 2021-04-14 12:07:21 +03:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile