From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Nicolai Stange <nstange@suse.de>,
Kalle Valo <kvalo@codeaurora.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 96/96] libertas: make lbs_ibss_join_existing() return error code on rates overflow
Date: Thu, 13 Feb 2020 07:21:43 -0800 [thread overview]
Message-ID: <20200213151914.736275424@linuxfoundation.org> (raw)
In-Reply-To: <20200213151839.156309910@linuxfoundation.org>
From: Nicolai Stange <nstange@suse.de>
[ Upstream commit 1754c4f60aaf1e17d886afefee97e94d7f27b4cb ]
Commit e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss
descriptor") introduced a bounds check on the number of supplied rates to
lbs_ibss_join_existing() and made it to return on overflow.
However, the aforementioned commit doesn't set the return value accordingly
and thus, lbs_ibss_join_existing() would return with zero even though it
failed.
Make lbs_ibss_join_existing return -EINVAL in case the bounds check on the
number of supplied rates fails.
Fixes: e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss descriptor")
Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/libertas/cfg.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c
index 68985d7663491..4e3de684928bf 100644
--- a/drivers/net/wireless/marvell/libertas/cfg.c
+++ b/drivers/net/wireless/marvell/libertas/cfg.c
@@ -1786,6 +1786,7 @@ static int lbs_ibss_join_existing(struct lbs_private *priv,
if (rates_max > MAX_RATES) {
lbs_deb_join("invalid rates");
rcu_read_unlock();
+ ret = -EINVAL;
goto out;
}
rates = cmd.bss.rates;
--
2.20.1
next prev parent reply other threads:[~2020-02-13 15:35 UTC|newest]
Thread overview: 109+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-13 15:20 [PATCH 5.4 00/96] 5.4.20-stable review Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 01/96] ASoC: pcm: update FE/BE trigger order based on the command Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 02/96] hv_sock: Remove the accept port restriction Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 03/96] IB/mlx4: Fix memory leak in add_gid error flow Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 04/96] IB/srp: Never use immediate data if it is disabled by a user Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 05/96] IB/mlx4: Fix leak in id_map_find_del Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 06/96] RDMA/netlink: Do not always generate an ACK for some netlink operations Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 07/96] RDMA/i40iw: fix a potential NULL pointer dereference Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 08/96] RDMA/core: Fix locking in ib_uverbs_event_read Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 09/96] RDMA/uverbs: Verify MR access flags Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 10/96] RDMA/cma: Fix unbalanced cm_id reference count during address resolve Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 11/96] RDMA/umem: Fix ib_umem_find_best_pgsz() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 12/96] scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 13/96] PCI/IOV: Fix memory leak in pci_iov_add_virtfn() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 14/96] ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 15/96] PCI/switchtec: Use dma_set_mask_and_coherent() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 16/96] PCI/switchtec: Fix vep_vector_number ioread width Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 17/96] PCI: tegra: Fix afi_pex2_ctrl reg offset for Tegra30 Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 18/96] PCI: Dont disable bridge BARs when assigning bus resources Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 19/96] PCI/AER: Initialize aer_fifo Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 20/96] iwlwifi: mvm: avoid use after free for pmsr request Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 21/96] bpftool: Dont crash on missing xlated program instructions Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 22/96] bpf, sockmap: Dont sleep while holding RCU lock on tear-down Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 23/96] bpf, sockhash: Synchronize_rcu before freeing map Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 24/96] selftests/bpf: Test freeing sockmap/sockhash with a socket in it Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 25/96] bpf: Improve bucket_log calculation logic Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 26/96] bpf, sockmap: Check update requirements after locking Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 27/96] nfs: NFS_SWAP should depend on SWAP Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 28/96] NFS: Revalidate the file size on a fatal write error Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 29/96] NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 30/96] NFS: Fix fix of show_nfs_errors Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 31/96] NFSv4: pnfs_roc() must use cred_fscmp() to compare creds Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 32/96] NFSv4: try lease recovery on NFS4ERR_EXPIRED Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 33/96] NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 34/96] x86/boot: Handle malformed SRAT tables during early ACPI parsing Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 35/96] rtc: hym8563: Return -EINVAL if the time is known to be invalid Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 36/96] rtc: i2c/spi: Avoid inclusion of REGMAP support when not needed Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 37/96] rtc: cmos: Stop using shared IRQ Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 38/96] watchdog: qcom: Use platform_get_irq_optional() for bark irq Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 39/96] ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 40/96] platform/x86: intel_mid_powerbtn: Take a copy of ddata Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 41/96] arm64: dts: qcom: msm8998: Fix tcsr syscon size Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 42/96] arm64: dts: uDPU: fix broken ethernet Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 43/96] ARM: dts: at91: Reenable UART TX pull-ups Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 44/96] ARM: dts: am43xx: add support for clkout1 clock Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 45/96] arm64: dts: renesas: r8a77990: ebisu: Remove clkout-lr-synchronous from sound Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 46/96] arm64: dts: marvell: clearfog-gt-8k: fix switch cpu port node Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 47/96] ARM: dts: meson8: use the actual frequency for the GPUs 182.1MHz OPP Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 48/96] ARM: dts: meson8b: use the actual frequency for the GPUs 364MHz OPP Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 49/96] ARM: dts: at91: sama5d3: fix maximum peripheral clock rates Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 50/96] ARM: dts: at91: sama5d3: define clock rate range for tcb1 Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 51/96] tools/power/acpi: fix compilation error Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 52/96] soc: qcom: rpmhpd: Set active_only for active only power domains Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 53/96] Revert "powerpc/pseries/iommu: Dont use dma_iommu_ops on secure guests" Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 54/96] powerpc/ptdump: Fix W+X verification call in mark_rodata_ro() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 55/96] powerpc/ptdump: Only enable PPC_CHECK_WX with STRICT_KERNEL_RWX Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 56/96] powerpc/papr_scm: Fix leaking bus_desc.provider_name in some paths Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 57/96] powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 58/96] powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 59/96] iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 60/96] ARM: at91: pm: use SAM9X60 PMCs compatible Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 61/96] ARM: at91: pm: use of_device_id array to find the proper shdwc node Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 62/96] KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 63/96] ARM: 8949/1: mm: mark free_memmap as __init Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 64/96] sched/uclamp: Fix a bug in propagating uclamp value in new cgroups Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 65/96] arm64: cpufeature: Fix the type of no FP/SIMD capability Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 66/96] arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 67/96] arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 68/96] KVM: arm/arm64: Fix young bit from mmu notifier Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 69/96] KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 70/96] KVM: arm: Make inject_abt32() inject an external abort instead Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 71/96] KVM: arm64: pmu: Dont increment SW_INCR if PMCR.E is unset Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 72/96] KVM: arm64: pmu: Fix chained SW_INCR counters Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 73/96] KVM: arm64: Treat emulated TVAL TimerValue as a signed 32-bit integer Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 74/96] arm64: nofpsmid: Handle TIF_FOREIGN_FPSTATE flag cleanly Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 75/96] mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 76/96] mtd: sharpslpart: Fix unsigned comparison to zero Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 77/96] crypto: testmgr - dont try to decrypt uninitialized buffers Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 78/96] crypto: artpec6 - return correct error code for failed setkey() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 79/96] crypto: atmel-sha - fix error handling when setting hmac key Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 80/96] crypto: caam/qi2 - fix typo in algorithms driver name Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 81/96] drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at probe Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 82/96] media: i2c: adv748x: Fix unsafe macros Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 83/96] dt-bindings: iio: adc: ad7606: Fix wrong maxItems value Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 84/96] bcache: avoid unnecessary btree nodes flushing in btree_flush_write() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 85/96] selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" Greg Kroah-Hartman
2020-02-13 16:01 ` Stephen Smalley
2020-02-13 16:27 ` Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 86/96] selinux: fix regression introduced by move_mount(2) syscall Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 87/96] pinctrl: sh-pfc: r8a77965: Fix DU_DOTCLKIN3 drive/bias control Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 88/96] pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 89/96] regmap: fix writes to non incrementing registers Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 90/96] mfd: max77650: Select REGMAP_IRQ in Kconfig Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 91/96] clk: meson: g12a: fix missing uart2 in regmap table Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 92/96] dmaengine: axi-dmac: add a check for devm_regmap_init_mmio Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 93/96] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 94/96] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 95/96] libertas: dont exit from lbs_ibss_join_existing() with RCU read lock held Greg Kroah-Hartman
2020-02-13 15:21 ` Greg Kroah-Hartman [this message]
2020-02-13 22:27 ` [PATCH 5.4 00/96] 5.4.20-stable review Guenter Roeck
2020-02-13 23:05 ` Greg Kroah-Hartman
2020-02-14 7:55 ` Geert Uytterhoeven
2020-02-14 15:23 ` Greg Kroah-Hartman
2020-02-14 0:42 ` shuah
2020-02-14 10:22 ` Naresh Kamboju
2020-02-14 10:27 ` Jon Hunter
2020-02-14 10:27 ` Jon Hunter
2020-02-14 16:12 ` Jeffrin Jose
2020-02-14 16:27 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200213151914.736275424@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nstange@suse.de \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.