forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/drivers/staging
History
Dan Carpenter 3fe2a013bb Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() 
commit b65a2d8c86 upstream.

The "ie_len" variable is in the 0-255 range and it comes from the
network.  If it's over NDIS_802_11_LENGTH_RATES_EX (16) then that will
lead to memory corruption.

Fixes: 554c0a3abf ("staging: Add rtl8723bs sdio wifi driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200603101958.GA1845750@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-06-30 23:17:18 -04:00
..
android staging: android: ion: use vmap instead of vm_map_ram 2020-06-22 09:05:12 +02:00
axis-fifo
board
clocking-wizard
comedi staging: comedi: Fix comedi_device refcnt leak in comedi_open 2020-04-29 16:31:32 +02:00
dgnc
emxx_udc
erofs erofs: fix partially uninitialized misuse in z_erofs_onlinepage_fixup 2020-06-30 23:17:15 -04:00
fbtft fbtft: Make sure string is NULL terminated 2019-12-31 16:36:10 +01:00
fsl-dpaa2
fwserial
gasket staging: gasket: Fix mapping refcnt leak when register/store fails 2020-06-25 15:32:53 +02:00
gdm724x
goldfish
greybus staging: greybus: fix a missing-check bug in gb_lights_light_config() 2020-06-25 15:32:52 +02:00
gs_fpgaboot
iio staging: iio: ad2s1210: Fix SPI reading 2020-05-27 17:37:42 +02:00
ks7010
media media: imx: work around false-positive warning, again 2019-11-20 18:47:16 +01:00
most staging: most: core: replace strcpy() by strscpy() 2020-05-27 17:37:39 +02:00
mt29f_spinand mtd: rawnand: Pass a nand_chip object to nand_scan() 2020-06-25 15:33:07 +02:00
mt7621-dma
mt7621-dts
mt7621-eth
mt7621-mmc
mt7621-pci
mt7621-pinctrl staging: mt7621-pinctrl: use pinconf-generic for 'dt_node_to_map' and 'dt_free_map' 2019-11-06 13:05:27 +01:00
mt7621-spi
netlogic
nvec
octeon
octeon-usb
olpc_dcon
pi433
rtl8188eu staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table 2020-04-02 15:28:21 +02:00
rtl8192e staging: rtl8192e: fix potential use after free 2019-12-05 09:21:26 +01:00
rtl8192u staging: rtl8192u: fix multiple memory leaks on error path 2019-12-31 16:34:48 +01:00
rtl8712 staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 2020-06-10 21:35:00 +02:00
rtl8723bs Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() 2020-06-30 23:17:18 -04:00
rtlwifi staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx 2020-01-27 14:50:26 +01:00
rts5208
sm750fb staging: sm750fb: add missing case while setting FB_VISUAL 2020-06-25 15:32:54 +02:00
speakup staging/speakup: fix get_word non-space look-ahead 2020-03-25 08:06:11 +01:00
unisys
vboxvideo
vc04_services staging: bcm2835-camera: fix module autoloading 2020-01-27 14:50:05 +01:00
vme
vt6655 staging: vt6655: Fix memory leak in vt6655_probe 2019-10-17 13:45:11 -07:00
vt6656 staging: vt6656: Power save stop wake_up_count wrap around. 2020-04-29 16:31:33 +02:00
wilc1000
wlan-ng staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback 2020-04-02 15:28:21 +02:00
xgifb
Kconfig
Makefile