[PATCH v2] staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
Dan Carpenter
dan.carpenter at oracle.com
Fri Feb 26 13:48:55 UTC 2021
On Fri, Feb 26, 2021 at 01:27:25PM +0000, Lee Gibson wrote:
> Function _rtl92e_wx_set_scan calls memcpy without checking the length.
> A user could control that length and trigger a buffer overflow.
> Fix by checking the length is within the maximum allowed size.
>
> Changes in v2:
> Changed to use min_t as per useful suggestions
This kind of information is supposed to go below the --- cut off line
>
> Signed-off-by: Lee Gibson <leegib at gmail.com>
> ---
^^^
here.
regards,
dan carpenter
More information about the devel
mailing list