From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 407577C for ; Thu, 26 May 2022 12:06:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AF603C34113; Thu, 26 May 2022 12:06:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1653566762; bh=F8mZ3sGUtmV3a6/X0fT3XukKvyXrWkK5TlslR8ZHtEA=; h=Subject:To:Cc:From:Date:In-Reply-To:From; b=nDLo9noyAe633YvkDBFLMZE5vuSaD7Ad8ks90/qY1W0U5IktvDnCDQjgNTMCQMZr7 Y8WppA6ITuZ5ZfQs87q+aCyCp0hnHpbVHeOqJXxVIs0doMbKooyLgcwc0XZaxltMsF kUOImkYTSvXGfH2Nao27a2awaNybI3aTHRll7T34= Subject: Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 5.4-stable tree To: Larry.Finger@lwfinger.net,dan.carpenter@oracle.com,efremov@linux.com,gregkh@linuxfoundation.org,linux-staging@lists.linux.dev,phil@philpotter.co.uk,straube.linux@gmail.com Cc: From: Date: Thu, 26 May 2022 14:05:47 +0200 In-Reply-To: <20220523173943.12486-1-efremov@linux.com> Message-ID: <165356674721493@kroah.com> Precedence: bulk X-Mailing-List: linux-staging@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit X-stable: commit X-Patchwork-Hint: ignore This is a note to let you know that I've just added the patch titled staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() to the 5.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch and it can be found in the queue-5.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From efremov@linux.com Thu May 26 14:03:14 2022 From: "Denis Efremov (Oracle)" Date: Mon, 23 May 2022 21:39:43 +0400 Subject: staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() To: gregkh@linuxfoundation.org Cc: "Denis Efremov (Oracle)" , Larry.Finger@lwfinger.net, phil@philpotter.co.uk, dan.carpenter@oracle.com, straube.linux@gmail.com, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, stable Message-ID: <20220523173943.12486-1-efremov@linux.com> From: "Denis Efremov (Oracle)" This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ssid[] array. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable Signed-off-by: Denis Efremov (Oracle) Signed-off-by: Greg Kroah-Hartman --- drivers/staging/rtl8723bs/os_dep/ioctl_linux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c +++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c @@ -1351,9 +1351,11 @@ static int rtw_wx_set_scan(struct net_de sec_len = *(pos++); len-= 1; - if (sec_len>0 && sec_len<=len) { + if (sec_len > 0 && + sec_len <= len && + sec_len <= 32) { ssid[ssid_index].SsidLength = sec_len; - memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength); + memcpy(ssid[ssid_index].Ssid, pos, sec_len); /* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */ /* , ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */ ssid_index++; Patches currently in stable-queue which might be from efremov@linux.com are queue-5.4/staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch