diff options
| author | Dan Carpenter <error27@gmail.com> | 2010-09-06 12:32:30 (GMT) |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-09-20 23:31:54 (GMT) |
| commit | dd173abfead903c7df54e977535973f3312cd307 (patch) | |
| tree | 905398a016da8e714894786c24684fa532cace12 /arch/arm/mach-omap2/pm34xx.c | |
| parent | 350aede603f7db7a9b4c1a340fbe89ccae6523a2 (diff) | |
| download | linux-fsl-qoriq-dd173abfead903c7df54e977535973f3312cd307.tar.xz | |
Staging: vt6655: fix buffer overflow
"param->u.wpa_associate.wpa_ie_len" comes from the user. We should
check it so that the copy_from_user() doesn't overflow the buffer.
Also further down in the function, we assume that if
"param->u.wpa_associate.wpa_ie_len" is set then "abyWPAIE[0]" is
initialized. To make that work, I changed the test here to say that if
"wpa_ie_len" is set then "wpa_ie" has to be a valid pointer or we return
-EINVAL.
Oddly, we only use the first element of the abyWPAIE[] array. So I
suspect there may be some other issues in this function.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'arch/arm/mach-omap2/pm34xx.c')
0 files changed, 0 insertions, 0 deletions