openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux/drivers/net/wireless/broadcom/brcm80211
History
Arend Van Spriel ded8991215 brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap() 
User-space can choose to omit NL80211_ATTR_SSID and only provide raw
IE TLV data. When doing so it can provide SSID IE with length exceeding
the allowed size. The driver further processes this IE copying it
into a local variable without checking the length. Hence stack can be
corrupted and used as exploit.

Cc: stable@vger.kernel.org # v4.7
Reported-by: Daxing Guo <freener.gdx@gmail.com>
Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
Reviewed-by: Franky Lin <franky.lin@broadcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 		2016-09-07 16:43:50 +03:00
..
brcmfmac brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap() 2016-09-07 16:43:50 +03:00
brcmsmac brcmsmac: Initialize power in brcms_c_stf_ss_algo_channel_get() 2016-07-19 21:14:20 +03:00
brcmutil brcmutil: add field storing control channel to the struct brcmu_chan 2016-06-14 17:27:42 +03:00
include brcmfmac: add support for the PCIE devices 43525 and 43465 2016-06-16 18:20:05 +03:00
Kconfig
Makefile