staging: vt6655: buffer overflow in ioctl
->u.generic_elem.len is a user controlled number between 0-255. We should limit it to avoid memory corruption. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
922b83b4aa
commit
ed87c2b2e7
|
@ -350,6 +350,9 @@ static int hostap_set_generic_element(PSDevice pDevice,
|
|||
{
|
||||
PSMgmtObject pMgmt = pDevice->pMgmt;
|
||||
|
||||
if (param->u.generic_elem.len > sizeof(pMgmt->abyWPAIE))
|
||||
return -EINVAL;
|
||||
|
||||
memcpy(pMgmt->abyWPAIE,
|
||||
param->u.generic_elem.data,
|
||||
param->u.generic_elem.len
|
||||
|
|
Loading…
Reference in New Issue