summaryrefslogtreecommitdiff
path: root/drivers/net/wireless/p54/p54usb.c
diff options
context:
space:
mode:
authorLuciano Coelho <coelho@ti.com>2011-04-01 19:42:02 +0300
committerJohn W. Linville <linville@tuxdriver.com>2011-04-04 15:22:12 -0400
commit09b661b33268698d3b453dceb78cda129ad899b4 (patch)
treee5e1760d61f665bfb3216ef6de7c3a9c6b26d80c /drivers/net/wireless/p54/p54usb.c
parent023535732f4db01af4921f20f058bc4561d9add7 (diff)
wl12xx: fix potential buffer overflow in testmode nvs push
We were allocating the size of the NVS file struct and not checking whether the length of the buffer passed was correct before copying it into the allocated memory. This is a security hole because buffer overflows can occur if the userspace passes a bigger file than what is expected. With this patch, we check if the size of the data passed from userspace matches the size required. This bug was introduced in 2.6.36. Cc: stable@kernel.org Reported-by: Ido Yariv <ido@wizery.com> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/p54/p54usb.c')
0 files changed, 0 insertions, 0 deletions