author | Will Deacon <will@kernel.org> | |
Fri, 4 Oct 2019 09:51:31 +0000 (10:51 +0100) | ||
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
Sun, 27 Oct 2019 20:31:43 +0000 (21:31 +0100) | ||
commit | 169eeebcef88d948eee2c38c24628761eb9f3459 | |
tree | d78c84343179601ecdf5a882b8fd7716617c6ab9 | tree | snapshot (tar.xz tar.gz zip) |
parent | 91a60a9a6e2f03e8f7e3a093578efb3c88d8c080 | commit | diff |
mac80211: Reject malformed SSID elements
commit 4152561f5da3fca92af7179dd538ea89e248f9d0 upstream.
Although this shouldn't occur in practice, it's a good idea to bounds
check the length field of the SSID element prior to using it for things
like allocations or memcpy operations.
Cc: <stable@vger.kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Reported-by: Nicolas Waisman <nico@semmle.com>
Signed-off-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20191004095132.15777-1-will@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4152561f5da3fca92af7179dd538ea89e248f9d0 upstream.
Although this shouldn't occur in practice, it's a good idea to bounds
check the length field of the SSID element prior to using it for things
like allocations or memcpy operations.
Cc: <stable@vger.kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Reported-by: Nicolas Waisman <nico@semmle.com>
Signed-off-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20191004095132.15777-1-will@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/mac80211/mlme.c | diff | blob | history |