OpenCloudOS-Kernel/drivers/staging
Dan Carpenter b65a2d8c86 Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
The "ie_len" variable is in the 0-255 range and it comes from the
network.  If it's over NDIS_802_11_LENGTH_RATES_EX (16) then that will
lead to memory corruption.

Fixes: 554c0a3abf ("staging: Add rtl8723bs sdio wifi driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200603101958.GA1845750@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-06-16 21:25:38 +02:00
..
android mmap locking API: convert mmap_sem comments 2020-06-09 09:39:14 -07:00
axis-fifo staging: axis-fifo: Fix parenthesis alignment 2020-04-13 08:55:30 +02:00
board
clocking-wizard
comedi mmap locking API: convert mmap_sem comments 2020-06-09 09:39:14 -07:00
emxx_udc
fbtft staging: fbtft: fb_st7789v: make HSD20_IPS numeric and not a string 2020-05-22 10:48:32 +02:00
fieldbus
fsl-dpaa2 Staging/IIO driver patches for 5.8-rc1 2020-06-07 10:45:08 -07:00
fwserial
gasket Merge 5.7-rc5 into staging-next 2020-05-11 08:57:22 +02:00
gdm724x staging: gdm724x: remove redundant assignment to pointer 'w' 2020-04-13 08:55:31 +02:00
goldfish
greybus treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
gs_fpgaboot
iio Merge 5.7-rc7 into staging-next 2020-05-25 09:11:19 +02:00
kpc2000 mmap locking API: use coccinelle to convert mmap_sem rwsem call sites 2020-06-09 09:39:14 -07:00
ks7010 staging: ks7010: remove me from CC list 2020-05-05 12:36:04 +02:00
media Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
most treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mt7621-dma staging: mt7621-dma: quoted string split across lines 2020-03-21 10:31:54 +01:00
mt7621-dts staging: mt7621-pci: fix PCIe interrupt mapping 2020-04-13 14:49:18 +02:00
mt7621-pci staging: mt7621-pci: initialize 'n' variable when it is declared 2020-04-16 12:33:02 +02:00
mt7621-pci-phy staging: mt7621-pci-phy: dt: bindings: remove bindings txt file 2020-04-13 14:49:17 +02:00
mt7621-pinctrl staging: mt7621-pinctrl: Use correct pointer type argument for sizeof 2020-04-23 13:36:20 +02:00
netlogic
nvec
octeon staging/octeon: fix up merge error 2020-03-30 17:22:01 -07:00
octeon-usb
olpc_dcon
pi433 staging: pi433: fix error return code in pi433_probe() 2020-05-05 12:31:18 +02:00
qlge staging: qlge: unmap dma when lock failed 2020-05-19 16:15:39 +02:00
ralink-gdma
rtl8188eu staging: rtl8188eu: make some arrays static const 2020-05-27 10:16:34 +02:00
rtl8192e staging/rtl8192e: Remove function callback casts 2020-05-27 10:16:34 +02:00
rtl8192u staging: rtl8192u: Merge almost duplicate code 2020-05-19 17:08:50 +02:00
rtl8712 staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 2020-05-27 10:16:33 +02:00
rtl8723bs Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() 2020-06-16 21:25:38 +02:00
rts5208 staging: rts5208: shorten long line in func call 2020-03-19 15:11:35 +01:00
sm750fb staging: sm750fb: Add names to proc_setBLANK args 2020-05-29 12:35:59 +02:00
speakup staging/speakup: Add inflection synth parameter 2020-04-28 14:30:10 +02:00
unisys staging: unisys: visorhba: Correct a typo in comment 2020-04-13 08:55:32 +02:00
vc04_services staging: vchiq: Get rid of VCHIQ_SERVICE_OPENEND callback reason 2020-05-27 14:04:32 +02:00
vme
vt6655 staging: vt6656: vt6655: removing unused macros definition Makefiles 2020-05-15 15:49:13 +02:00
vt6656 staging: vt6656: Fix warning: unused variable vnt_frame_time 2020-05-27 12:23:11 +02:00
wfx staging: wfx: fix coherency of hif_scan() prototype 2020-06-16 21:22:51 +02:00
wilc1000 Staging/IIO driver patches for 5.8-rc1 2020-06-07 10:45:08 -07:00
wlan-ng staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback 2020-03-26 15:47:26 +01:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile staging: remove hp100 driver 2020-03-27 10:01:11 +01:00