提交 ed87c2b2 编写于 作者: D Dan Carpenter 提交者: Greg Kroah-Hartman

staging: vt6655: buffer overflow in ioctl

->u.generic_elem.len is a user controlled number between 0-255.  We
should limit it to avoid memory corruption.
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
上级 922b83b4
......@@ -350,6 +350,9 @@ static int hostap_set_generic_element(PSDevice pDevice,
{
PSMgmtObject pMgmt = pDevice->pMgmt;
if (param->u.generic_elem.len > sizeof(pMgmt->abyWPAIE))
return -EINVAL;
memcpy(pMgmt->abyWPAIE,
param->u.generic_elem.data,
param->u.generic_elem.len
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册