patch "staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data()." added to staging-linus
This is a note to let you know that I've just added the patch titled
staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data().
to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch.
The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the next -rc kernel release.
If you have any questions about this process, please let me know.
From 920c92448839bd4f8eb87a92b08cad56d449caff Mon Sep 17 00:00:00 2001
From: Murray McAllister murray.mcallister@insomniasec.com Date: Mon, 2 Jul 2018 13:07:28 +1200 Subject: staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data().
Dan Carpenter reported an integer underflow issue in the rtl8188eu driver. This is also needed for the length (signed integer) in rtl8723bs, as it is later converted to an unsigned integer and used in a memcpy operation.
Original issue is at https://patchwork.kernel.org/patch/9796371/
Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Murray McAllister murray.mcallister@insomniasec.com Cc: stable stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/staging/rtl8723bs/core/rtw_ap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_ap.c b/drivers/staging/rtl8723bs/core/rtw_ap.c index 45c05527a57a..faf4b4158cfa 100644 --- a/drivers/staging/rtl8723bs/core/rtw_ap.c +++ b/drivers/staging/rtl8723bs/core/rtw_ap.c @@ -1051,7 +1051,7 @@ int rtw_check_beacon_data(struct adapter *padapter, u8 *pbuf, int len) return _FAIL;
- if (len > MAX_IE_SZ) + if (len < 0 || len > MAX_IE_SZ) return _FAIL;
pbss_network->IELength = len;
On Mon, Jul 02, 2018 at 10:48:41AM +0200, gregkh@linuxfoundation.org wrote:
This is a note to let you know that I've just added the patch titled
staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data().to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch.
The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the next -rc kernel release.
If you have any questions about this process, please let me know.
From 920c92448839bd4f8eb87a92b08cad56d449caff Mon Sep 17 00:00:00 2001
From: Murray McAllister murray.mcallister@insomniasec.com Date: Mon, 2 Jul 2018 13:07:28 +1200 Subject: staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data().
Dan Carpenter reported an integer underflow issue in the rtl8188eu driver. This is also needed for the length (signed integer) in rtl8723bs, as it is later converted to an unsigned integer and used in a memcpy operation.
Original issue is at https://patchwork.kernel.org/patch/9796371/
Reported-by: Dan Carpenter dan.carpenter@oracle.com
Greg, you gave me Reported-by credit for this but really Murray found it on his own. It was slightly confusing perhaps from the commit message.
regards, dan carpenter
On Tue, Jul 03, 2018 at 01:42:47PM +0300, Dan Carpenter wrote:
On Mon, Jul 02, 2018 at 10:48:41AM +0200, gregkh@linuxfoundation.org wrote:
This is a note to let you know that I've just added the patch titled
staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data().to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch.
The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the next -rc kernel release.
If you have any questions about this process, please let me know.
From 920c92448839bd4f8eb87a92b08cad56d449caff Mon Sep 17 00:00:00 2001
From: Murray McAllister murray.mcallister@insomniasec.com Date: Mon, 2 Jul 2018 13:07:28 +1200 Subject: staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data().
Dan Carpenter reported an integer underflow issue in the rtl8188eu driver. This is also needed for the length (signed integer) in rtl8723bs, as it is later converted to an unsigned integer and used in a memcpy operation.
Original issue is at https://patchwork.kernel.org/patch/9796371/
Reported-by: Dan Carpenter dan.carpenter@oracle.com
Greg, you gave me Reported-by credit for this but really Murray found it on his own. It was slightly confusing perhaps from the commit message.
Sorry about that, the commit message was confusing :(
linux-stable-mirror@lists.linaro.org
-
Dan Carpenter -
Greg KH -
gregkh@linuxfoundation.org