-
由 Laura Abbott 提交于
mainline inclusion from mainline-v5.4 commit 8c55dedb795be8ec0cf488f98c03a1c2176f7fb1 category: 13690 bugzilla: NA CVE: CVE-2019-17666 ------------------------------------------------- Nicolas Waisman noticed that even though noa_len is checked for a compatible length it's still possible to overrun the buffers of p2pinfo since there's no check on the upper bound of noa_num. Bound noa_num against P2P_MAX_NOA_NUM. Reported-by: NNicolas Waisman <nico@semmle.com> Signed-off-by: NLaura Abbott <labbott@redhat.com> Acked-by: NPing-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
ef63f664