Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp808617imu; Tue, 11 Dec 2018 07:55:36 -0800 (PST) X-Google-Smtp-Source: AFSGD/XCiePo5J4Q30JLeQzjx6vag+kr7aCE8uba2chSHRqxnUhhkAYMYJIN9wMoU7HJBYvq68ju X-Received: by 2002:a17:902:4523:: with SMTP id m32mr16402372pld.53.1544543736261; Tue, 11 Dec 2018 07:55:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544543736; cv=none; d=google.com; s=arc-20160816; b=tTXF6tkJ2Z24tx8F3MMsNTCHscjhUIkGtyPr2PxkGtV9OsBmAB4nj+2WCi3EV+BB/o gQ+9DcnmZqcWuH07KOdod2inwl/UvuOVpVVrOnIngzDEKaIa9BQR6yb2Eir77+g1K/zN LmC/v8HNX4KeqmEovIr4JbufQ98O+hYpvOl/HrYkeoyhZcFcVPICAHmIwuVvluHD9Hl+ mGtB0vbmi3TTtTrs+Turi9vrf5aIA3m8jST/TDmhXiyg9bSDEWz8dxi4ogZbEq9tlUSe smlJ+Tv87GhY9lfmFzDwymln0YjMEeh0VyGZe5C63KXKnxZbT3E+eM9kr+eUxrvZYkTs F//w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=p/Owl7G1shGAzn2S6FR3fl/pIzcFZG8C0gdqU720Ras=; b=NFH8n1kn8iM3a2zKPlPviGS0ad+KqwrROhOfc4RJGha1qLRo6243BK0hjxs45/iN3Q tA0KxcMQDHV9rDopVM0kzqGBe6NJ7wBzulcssw1ivS02mh4e5gGYzdZVVaA74fJHhDyh LALedwT8tnd8ZBSGdyWWM5kHEY8s1MfkHWxHGQnUinj2qKZUHfT3sFMZNdCJNOPTIoQb MesYM2iD0dVosagC+EO1T+yOLljYLAuyXW0+pU2OyGGhlMIoaZNIL4vNnxJV7icK9kfX z0J2axHnRxJdQK1Lpd80AGsxw4N9n9mJXX54BQ5GLtWdnHvqdprmQqfqo/40p+8EhYAC 8UJQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=FNSvRUuX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m7si12478573pgi.547.2018.12.11.07.55.21; Tue, 11 Dec 2018 07:55:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=FNSvRUuX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729857AbeLKPxH (ORCPT + 99 others); Tue, 11 Dec 2018 10:53:07 -0500 Received: from mail.kernel.org ([198.145.29.99]:41750 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729846AbeLKPxE (ORCPT ); Tue, 11 Dec 2018 10:53:04 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2FD272146E; Tue, 11 Dec 2018 15:53:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1544543583; bh=nPDkvFeHadqKWlENC3uRBaM5qpoCU7IdF1QE1W8JkN0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FNSvRUuXN4EcDFCHf84u1AHZdcximrXeWICH6/G8w6T7d9yBhnZOWnE3UD1tEOnIm uak+YOJ0gz+tYTGVIWYn/rmZsyQ4+HMIMCa0gE/++U5jAkJgQrnOttG+1SVDtVUeC5 YoikfD9s0QyFzjl8paS3ynuwpNfNpt9LA68ll3Cw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Young Xiao , Dan Carpenter Subject: [PATCH 4.14 54/67] staging: rtl8712: Fix possible buffer overrun Date: Tue, 11 Dec 2018 16:41:54 +0100 Message-Id: <20181211151633.113301658@linuxfoundation.org> X-Mailer: git-send-email 2.20.0 In-Reply-To: <20181211151630.378216233@linuxfoundation.org> References: <20181211151630.378216233@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Young Xiao commit 300cd664865bed5d50ae0a42fb4e3a6f415e8a10 upstream. In commit 8b7a13c3f404 ("staging: r8712u: Fix possible buffer overrun") we fix a potential off by one by making the limit smaller. The better fix is to make the buffer larger. This makes it match up with the similar code in other drivers. Fixes: 8b7a13c3f404 ("staging: r8712u: Fix possible buffer overrun") Signed-off-by: Young Xiao Cc: stable Reviewed-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman --- drivers/staging/rtl8712/mlme_linux.c | 2 +- drivers/staging/rtl8712/rtl871x_mlme.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/drivers/staging/rtl8712/mlme_linux.c +++ b/drivers/staging/rtl8712/mlme_linux.c @@ -158,7 +158,7 @@ void r8712_report_sec_ie(struct _adapter p = buff; p += sprintf(p, "ASSOCINFO(ReqIEs="); len = sec_ie[1] + 2; - len = (len < IW_CUSTOM_MAX) ? len : IW_CUSTOM_MAX - 1; + len = (len < IW_CUSTOM_MAX) ? len : IW_CUSTOM_MAX; for (i = 0; i < len; i++) p += sprintf(p, "%02x", sec_ie[i]); p += sprintf(p, ")"); --- a/drivers/staging/rtl8712/rtl871x_mlme.c +++ b/drivers/staging/rtl8712/rtl871x_mlme.c @@ -1361,7 +1361,7 @@ sint r8712_restruct_sec_ie(struct _adapt u8 *out_ie, uint in_len) { u8 authmode = 0, match; - u8 sec_ie[255], uncst_oui[4], bkup_ie[255]; + u8 sec_ie[IW_CUSTOM_MAX], uncst_oui[4], bkup_ie[255]; u8 wpa_oui[4] = {0x0, 0x50, 0xf2, 0x01}; uint ielength, cnt, remove_cnt; int iEntry;