brcmfmac: add length check in brcmf_cfg80211_escan_handler()
Upon handling the firmware notification for scans the length was checked properly and may result in corrupting kernel heap memory due to buffer overruns. This fix addresses CVE-2017-0786. Cc: stable@vger.kernel.org # v4.0.x Cc: Kevin Cernekee <cernekee@chromium.org> Reviewed-by: NHante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: NPieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: NFranky Lin <franky.lin@broadcom.com> Signed-off-by: NArend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
Showing
想要评论请 注册 或 登录