wl12xx: fix potential buffer overflow in testmode nvs push
author Luciano Coelho <coelho@ti.com>
Fri, 1 Apr 2011 16:42:02 +0000 (19:42 +0300)
committer John W. Linville <linville@tuxdriver.com>
Mon, 4 Apr 2011 19:22:12 +0000 (15:22 -0400)
commit 90b1a44355d705972a6ffa24fc5adb032dbecf99
tree e5e1760d61f665bfb3216ef6de7c3a9c6b26d80c
parent 504508c0819dc203a0b22cddd04fbd3b0b72a261
wl12xx: fix potential buffer overflow in testmode nvs push

We were allocating the size of the NVS file struct and not checking
whether the length of the buffer passed was correct before copying it
into the allocated memory.  This is a security hole because buffer
overflows can occur if the userspace passes a bigger file than what is
expected.

With this patch, we check if the size of the data passed from
userspace matches the size required.

This bug was introduced in 2.6.36.

Cc: stable@kernel.org
Reported-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/wl12xx/testmode.c
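
The pattern the commit message describes, as an added user-space C example; it is not the driver's code and not part of this commit. `struct nvs_file`, `struct dev_state`, both function names and the `-EINVAL` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the NVS file struct; the real layout is not on this page. */
struct nvs_file { unsigned char data[256]; };
struct dev_state { struct nvs_file *nvs; size_t nvs_len; };

/* Pre-fix pattern: the allocation is sized by the struct,
 * the copy by the caller-supplied length. */
int nvs_push_unchecked(struct dev_state *dev, const void *buf, size_t len)
{
    free(dev->nvs);
    dev->nvs = malloc(sizeof(struct nvs_file));
    if (!dev->nvs)
        return -ENOMEM;
    memcpy(dev->nvs, buf, len); /* writes past the allocation when len > sizeof(struct nvs_file) */
    dev->nvs_len = len;
    return 0;
}

/* Post-fix pattern: the length must match the struct size exactly,
 * and the check runs before anything is allocated or copied. */
int nvs_push_checked(struct dev_state *dev, const void *buf, size_t len)
{
    struct nvs_file *n;

    if (len != sizeof(struct nvs_file))
        return -EINVAL; /* assumed error code */
    n = malloc(sizeof(*n));
    if (!n)
        return -ENOMEM;
    memcpy(n, buf, len);
    free(dev->nvs); /* replace the old copy only after the new one is complete */
    dev->nvs = n;
    dev->nvs_len = len;
    return 0;
}

int main(void)
{
    struct dev_state dev = { NULL, 0 };
    unsigned char big[sizeof(struct nvs_file) + 32] = { 0 }; /* constructed oversized input */

    printf("oversized push -> %d\n", nvs_push_checked(&dev, big, sizeof big));
    return 0;
}
```

An exact-match test also rejects short input, so the stored struct is never left partly uninitialised.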