From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Nicolai Stange <nstange@suse.de>,
Kalle Valo <kvalo@codeaurora.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 49/52] libertas: make lbs_ibss_join_existing() return error code on rates overflow
Date: Thu, 13 Feb 2020 07:21:30 -0800 [thread overview]
Message-ID: <20200213151829.946401006@linuxfoundation.org> (raw)
In-Reply-To: <20200213151810.331796857@linuxfoundation.org>
From: Nicolai Stange <nstange@suse.de>
[ Upstream commit 1754c4f60aaf1e17d886afefee97e94d7f27b4cb ]
Commit e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss
descriptor") introduced a bounds check on the number of supplied rates to
lbs_ibss_join_existing() and made it to return on overflow.
However, the aforementioned commit doesn't set the return value accordingly
and thus, lbs_ibss_join_existing() would return with zero even though it
failed.
Make lbs_ibss_join_existing return -EINVAL in case the bounds check on the
number of supplied rates fails.
Fixes: e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss descriptor")
Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/libertas/cfg.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c
index 68985d7663491..4e3de684928bf 100644
--- a/drivers/net/wireless/marvell/libertas/cfg.c
+++ b/drivers/net/wireless/marvell/libertas/cfg.c
@@ -1786,6 +1786,7 @@ static int lbs_ibss_join_existing(struct lbs_private *priv,
if (rates_max > MAX_RATES) {
lbs_deb_join("invalid rates");
rcu_read_unlock();
+ ret = -EINVAL;
goto out;
}
rates = cmd.bss.rates;
--
2.20.1
next prev parent reply other threads:[~2020-02-13 15:49 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-13 15:20 [PATCH 4.19 00/52] 4.19.104-stable review Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 01/52] ASoC: pcm: update FE/BE trigger order based on the command Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 02/52] hv_sock: Remove the accept port restriction Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 03/52] IB/mlx4: Fix memory leak in add_gid error flow Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 04/52] RDMA/netlink: Do not always generate an ACK for some netlink operations Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 05/52] RDMA/core: Fix locking in ib_uverbs_event_read Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 06/52] RDMA/uverbs: Verify MR access flags Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 07/52] scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 08/52] PCI/IOV: Fix memory leak in pci_iov_add_virtfn() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 09/52] ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 10/52] PCI/switchtec: Fix vep_vector_number ioread width Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 11/52] PCI: Dont disable bridge BARs when assigning bus resources Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 12/52] nfs: NFS_SWAP should depend on SWAP Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 13/52] NFS: Revalidate the file size on a fatal write error Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 14/52] NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 15/52] NFSv4: try lease recovery on NFS4ERR_EXPIRED Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 16/52] serial: uartps: Add a timeout to the tx empty wait Greg Kroah-Hartman
2020-02-13 18:22 ` Pavel Machek
2020-02-13 18:29 ` Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 17/52] gpio: zynq: Report gpio direction at boot Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 4.19 18/52] spi: spi-mem: Add extra sanity checks on the op param Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 19/52] spi: spi-mem: Fix inverted logic in op sanity check Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 20/52] rtc: hym8563: Return -EINVAL if the time is known to be invalid Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 21/52] rtc: cmos: Stop using shared IRQ Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 22/52] ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 23/52] platform/x86: intel_mid_powerbtn: Take a copy of ddata Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 24/52] ARM: dts: at91: Reenable UART TX pull-ups Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 25/52] ARM: dts: am43xx: add support for clkout1 clock Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 26/52] ARM: dts: at91: sama5d3: fix maximum peripheral clock rates Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 27/52] ARM: dts: at91: sama5d3: define clock rate range for tcb1 Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 28/52] tools/power/acpi: fix compilation error Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 29/52] powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 30/52] powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 31/52] iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 32/52] KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 33/52] ARM: 8949/1: mm: mark free_memmap as __init Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 34/52] arm64: cpufeature: Fix the type of no FP/SIMD capability Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 35/52] arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 36/52] KVM: arm/arm64: Fix young bit from mmu notifier Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 37/52] KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 38/52] KVM: arm: Make inject_abt32() inject an external abort instead Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 39/52] KVM: arm64: pmu: Dont increment SW_INCR if PMCR.E is unset Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 40/52] mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 41/52] mtd: sharpslpart: Fix unsigned comparison to zero Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 42/52] crypto: artpec6 - return correct error code for failed setkey() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 43/52] crypto: atmel-sha - fix error handling when setting hmac key Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 44/52] media: i2c: adv748x: Fix unsafe macros Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 45/52] pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 46/52] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 47/52] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 48/52] libertas: dont exit from lbs_ibss_join_existing() with RCU read lock held Greg Kroah-Hartman
2020-02-13 15:21 ` Greg Kroah-Hartman [this message]
2020-02-13 15:21 ` [PATCH 4.19 50/52] scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 51/52] x86/stackframe: Move ENCODE_FRAME_POINTER to asm/frame.h Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 4.19 52/52] x86/stackframe, x86/ftrace: Add pt_regs frame annotations Greg Kroah-Hartman
2020-02-13 16:53 ` [PATCH 4.19 00/52] 4.19.104-stable review Chris Paterson
2020-02-14 0:46 ` shuah
2020-02-14 5:28 ` Guenter Roeck
2020-02-14 6:30 ` Greg Kroah-Hartman
2020-02-14 10:26 ` Jon Hunter
2020-02-14 10:49 ` Naresh Kamboju
2020-02-14 16:27 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200213151829.946401006@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nstange@suse.de \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).