linux-staging.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: <gregkh@linuxfoundation.org>
To: Larry.Finger@lwfinger.net,dan.carpenter@oracle.com,efremov@linux.com,gregkh@linuxfoundation.org,linux-staging@lists.linux.dev,phil@philpotter.co.uk,straube.linux@gmail.com
Cc: <stable-commits@vger.kernel.org>
Subject: Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 5.10-stable tree
Date: Thu, 26 May 2022 14:05:57 +0200	[thread overview]
Message-ID: <165356675768197@kroah.com> (raw)
In-Reply-To: <20220520035730.5533-1-efremov@linux.com>


This is a note to let you know that I've just added the patch titled

    staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


From efremov@linux.com  Thu May 26 14:03:56 2022
From: "Denis Efremov (Oracle)" <efremov@linux.com>
Date: Fri, 20 May 2022 07:57:30 +0400
Subject: staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
To: gregkh@linuxfoundation.org
Cc: "Denis Efremov (Oracle)" <efremov@linux.com>, Larry.Finger@lwfinger.net, phil@philpotter.co.uk, dan.carpenter@oracle.com, straube.linux@gmail.com, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, stable <stable@vger.kernel.org>
Message-ID: <20220520035730.5533-1-efremov@linux.com>

From: "Denis Efremov (Oracle)" <efremov@linux.com>

This code has a check to prevent read overflow but it needs another
check to prevent writing beyond the end of the ->Ssid[] array.

Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/staging/rtl8723bs/os_dep/ioctl_linux.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c
+++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c
@@ -1351,9 +1351,11 @@ static int rtw_wx_set_scan(struct net_de
 
 					sec_len = *(pos++); len -= 1;
 
-					if (sec_len > 0 && sec_len <= len) {
+					if (sec_len > 0 &&
+					    sec_len <= len &&
+					    sec_len <= 32) {
 						ssid[ssid_index].SsidLength = sec_len;
-						memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength);
+						memcpy(ssid[ssid_index].Ssid, pos, sec_len);
 						/* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */
 						/* 	, ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */
 						ssid_index++;


Patches currently in stable-queue which might be from efremov@linux.com are

queue-5.10/staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch

  parent reply	other threads:[~2022-05-26 12:06 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <YEHymwsnHewzoam7@mwanda>
2022-05-18  7:00 ` [PATCH] staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() Denis Efremov
2022-05-18  7:49   ` Denis Efremov
2022-05-19 15:40     ` Greg KH
2022-05-20  3:57       ` [PATCH v5.10] staging: rtl8723bs: " Denis Efremov (Oracle)
2022-05-23 15:26         ` Greg KH
2022-05-23 17:41           ` Denis Efremov
2022-05-26 12:05             ` Greg KH
2022-05-26 12:05         ` gregkh [this message]
2022-05-23 17:39       ` [PATCH v5.4-v4.14] " Denis Efremov (Oracle)
2022-05-26 12:05         ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 4.14-stable tree gregkh
2022-05-26 12:05         ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 4.19-stable tree gregkh
2022-05-26 12:05         ` Patch "staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()" has been added to the 5.4-stable tree gregkh
2022-05-19 15:45   ` [PATCH] staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() Greg KH
2022-05-19 17:16     ` Dan Carpenter
2022-05-19 17:36       ` Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=165356675768197@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=Larry.Finger@lwfinger.net \
    --cc=dan.carpenter@oracle.com \
    --cc=efremov@linux.com \
    --cc=linux-staging@lists.linux.dev \
    --cc=phil@philpotter.co.uk \
    --cc=stable-commits@vger.kernel.org \
    --cc=straube.linux@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).