]> git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/commit
iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
authorLuca Coelho <luciano.coelho@intel.com>
Sat, 13 Oct 2018 06:46:08 +0000 (09:46 +0300)
committerKalle Valo <kvalo@codeaurora.org>
Sat, 13 Oct 2018 11:48:44 +0000 (14:48 +0300)
commit3d71c3f1f50cf309bd20659422af549bc784bfff
treef344d7ba5f2fe15bd60f0e9bc97e11ebeb05ef1d
parent12f7a1867467e44507e5da5fc01c0479ce9a14b3
iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()

The rs_rate_from_ucode_rate() function may return -EINVAL if the rate
is invalid, but none of the callsites check for the error, potentially
making us access arrays with index IWL_RATE_INVALID, which is larger
than the arrays, causing an out-of-bounds access.  This will trigger
KASAN warnings, such as the one reported in the bugzilla issue
mentioned below.

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=200659

Cc: stable@vger.kernel.org
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
drivers/net/wireless/intel/iwlwifi/mvm/rs.c