summaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorLuciano Coelho <coelho@ti.com>2013-02-12 20:11:38 +0200
committerJohannes Berg <johannes.berg@intel.com>2013-02-13 10:14:17 +0100
commit6719429dd61cde1fe30d9644d0aa2369eefc9005 (patch)
tree5318edf7523b03cb3c34f2824985dc246231a053 /security/integrity
parentbb92d19983a4b54be3e3b83441a8076d92cd04bc (diff)
downloadblackbird-op-linux-6719429dd61cde1fe30d9644d0aa2369eefc9005.tar.gz
blackbird-op-linux-6719429dd61cde1fe30d9644d0aa2369eefc9005.zip
cfg80211: check vendor IE length to avoid overrun
cfg80211_find_vendor_ie() was checking only that the vendor IE would fit in the remaining IEs buffer. If a corrupt includes a vendor IE that is too small, we could potentially overrun the IEs buffer. Fix this by checking that the vendor IE fits in the reported IE length field and skip it otherwise. Reported-by: Jouni Malinen <j@w1.fi> Signed-off-by: Luciano Coelho <coelho@ti.com> [change BUILD_BUG_ON to != 1 (from >= 2)] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'security/integrity')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud