leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
73e8fb2d59
linux/drivers/net/wireless/broadcom
History
Arend Van Spriel ded8991215 brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap() 
User-space can choose to omit NL80211_ATTR_SSID and only provide raw
IE TLV data. When doing so it can provide SSID IE with length exceeding
the allowed size. The driver further processes this IE copying it
into a local variable without checking the length. Hence stack can be
corrupted and used as exploit.

Cc: stable@vger.kernel.org # v4.7
Reported-by: Daxing Guo <freener.gdx@gmail.com>
Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
Reviewed-by: Franky Lin <franky.lin@broadcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2016-09-07 16:43:50 +03:00
..
b43 b43: Completely remove support for phy_a 2016-06-16 18:23:18 +03:00
b43legacy cfg80211: remove enum ieee80211_band 2016-04-12 15:56:15 +02:00
brcm80211 brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap() 2016-09-07 16:43:50 +03:00
Kconfig brcm80211: move under broadcom vendor directory 2015-11-18 11:24:22 +02:00
Makefile brcm80211: move under broadcom vendor directory 2015-11-18 11:24:22 +02:00