]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
projects / mirror_ubuntu-bionic-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bb372ca) | patch
UBUNTU: SAUCE: rtlwifi: rtl8822b: Fix potential overflow on P2P code
authorTyler Hicks <tyhicks@canonical.com>
Fri, 18 Oct 2019 07:13:34 +0000 (07:13 +0000)
committerKhalid Elmously <khalid.elmously@canonical.com>
Mon, 21 Oct 2019 03:16:21 +0000 (23:16 -0400)
commit17faa7fd5ae35dd5c7f72da74d4670ac232021bd
tree5419e1bdcc7bac6d037bd58c566335938f2b9a9dtree
parentbb372cae82010986a9d4d70f29f78947864d909ecommit | diff
UBUNTU: SAUCE: rtlwifi: rtl8822b: Fix potential overflow on P2P code

Nicolas Waisman noticed that even though noa_len is checked for
a compatible length it's still possible to overrun the buffers
of p2pinfo since there's no check on the upper bound of noa_num.
Bounds check noa_num against P2P_MAX_NOA_NUM using the minimum of the
two.

CVE-2019-17666

Reported-by: Nicolas Waisman <nico@semmle.com>
Suggested-by: Ping-Ke Shih <pkshih@realtek.com>
[tyhicks: Reuse nearly all of a commit message written by Laura Abbott]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Andrea Righi <andrea.righi@canonical.com>
Acked-by: Kleber Souza <kleber.souza@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
drivers/staging/rtlwifi/ps.c diff | blob | blame | history
ubuntu-bionic-kernel mirror