linux/drivers/staging/rtl8723bs
Dan Carpenter b65a2d8c86 Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
The "ie_len" variable is in the 0-255 range and it comes from the
network.  If it's over NDIS_802_11_LENGTH_RATES_EX (16) then that will
lead to memory corruption.

Fixes: 554c0a3abf ("staging: Add rtl8723bs sdio wifi driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200603101958.GA1845750@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-06-16 21:25:38 +02:00
core Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() 2020-06-16 21:25:38 +02:00
hal staging:rtl8723bs: eliminate usage of skb_clone after skb allocation fail 2020-05-05 12:31:18 +02:00
include staging: rtl8723bs: Use common packet header constants 2020-05-29 12:36:00 +02:00
os_dep Staging/IIO driver patches for 5.8-rc1 2020-06-07 10:45:08 -07:00
Kconfig
Makefile staging: rtl8723bs: Remove debugging information exposed via procfs 2019-08-14 13:20:12 +02:00
TODO