iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[PATCH] hostap: Fix unlikely read overrun in CIS parsing

Browse Source 
The Coverity checker (CID: 452, 453, 454, 455, 456) spotted this
unlikely read overrun of CIS buffer. Abort if CISTPL_CONFIG or
CISTPL_MANFID would not fit in buffer.

Signed-off-by: Jouni Malinen <jkmaline@cc.hut.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Jouni Malinen 2006-03-19 19:21:47 -08:00 committed by John W. Linville
parent 8abceaf1cf
commit 3a1c42ad98
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
drivers/net/wireless/hostap/hostap_plx.c
View File

@ -368,7 +368,7 @@ static int prism2_plx_check_cis(void __iomem *attr_mem, int attr_len,
switch (cis[pos]) {
case CISTPL_CONFIG:
if (cis[pos + 1] < 1)
if (cis[pos + 1] < 2)
goto cis_error;
rmsz = (cis[pos + 2] & 0x3c) >> 2;
rasz = cis[pos + 2] & 0x03;
@ -390,7 +390,7 @@ static int prism2_plx_check_cis(void __iomem *attr_mem, int attr_len,
break;
case CISTPL_MANFID:
if (cis[pos + 1] < 4)
if (cis[pos + 1] < 5)
goto cis_error;
manfid1 = cis[pos + 2] + (cis[pos + 3] << 8);
manfid2 = cis[pos + 4] + (cis[pos + 5] << 8);