git.proxmox.com Git - mirror_ubuntu-disco-kernel.git/commit

author	Dan Carpenter <dan.carpenter@oracle.com>
	Thu, 4 Apr 2019 08:44:23 +0000 (11:44 +0300)
committer	Stefan Bader <stefan.bader@canonical.com>
	Tue, 13 Aug 2019 12:11:36 +0000 (14:11 +0200)
commit	f526b667cef9efec124de01a8b6a94c258a69259
tree	9a948e05183caf63a8ccd9320f147ec2539a0a2b	tree
parent	9646e134cf5bb7bafc857c93aa72319d1e3109b1	commit \| diff

mwifiex: prevent an array overflow

BugLink: https://bugs.launchpad.net/bugs/1837517
[ Upstream commit b4c35c17227fe437ded17ce683a6927845f8c4a4 ]

The "rate_index" is only used as an index into the phist_data->rx_rate[]
array in the mwifiex_hist_data_set() function.  That array has
MWIFIEX_MAX_AC_RX_RATES (74) elements and it's used to generate some
debugfs information.  The "rate_index" variable comes from the network
skb->data[] and it is a u8 so it's in the 0-255 range.  We need to cap
it to prevent an array overflow.

Fixes: cbf6e05527a7 ("mwifiex: add rx histogram statistics support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>