From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Young Xiao, Dan Carpenter
Subject: [PATCH 4.19 094/118] staging: rtl8712: Fix possible buffer overrun
Date: Tue, 11 Dec 2018 16:41:53 +0100
Message-Id: <20181211151648.066806655@linuxfoundation.org>
In-Reply-To: <20181211151644.216668863@linuxfoundation.org>

4.19-stable review patch. If anyone has any objections, please let me know.

------------------

From: Young Xiao

commit 300cd664865bed5d50ae0a42fb4e3a6f415e8a10 upstream.

In commit 8b7a13c3f404 ("staging: r8712u: Fix possible buffer overrun")
we fix a potential off by one by making the limit smaller. The better
fix is to make the buffer larger. This makes it match up with the
similar code in other drivers.

Fixes: 8b7a13c3f404 ("staging: r8712u: Fix possible buffer overrun")
Signed-off-by: Young Xiao
Cc: stable
Reviewed-by: Dan Carpenter
Signed-off-by: Greg Kroah-Hartman
---
 drivers/staging/rtl8712/mlme_linux.c | 2 +-
 drivers/staging/rtl8712/rtl871x_mlme.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/staging/rtl8712/mlme_linux.c +++ b/drivers/staging/rtl8712/mlme_linux.c @@ -158,7 +158,7 @@ void r8712_report_sec_ie(struct _adapter p = buff; p += sprintf(p, "ASSOCINFO(ReqIEs="); len = sec_ie[1] + 2; - len = (len < IW_CUSTOM_MAX) ? len : IW_CUSTOM_MAX - 1; + len = (len < IW_CUSTOM_MAX) ? len : IW_CUSTOM_MAX; for (i = 0; i < len; i++) p += sprintf(p, "%02x", sec_ie[i]); p += sprintf(p, ")"); --- a/drivers/staging/rtl8712/rtl871x_mlme.c +++ b/drivers/staging/rtl8712/rtl871x_mlme.c 
@@ -1358,7 +1358,7 @@ sint r8712_restruct_sec_ie(struct _adapt u8 *out_ie, uint in_len) { u8 authmode = 0, match; - u8 sec_ie[255], uncst_oui[4], bkup_ie[255]; + u8 sec_ie[IW_CUSTOM_MAX], uncst_oui[4], bkup_ie[255]; u8 wpa_oui[4] = {0x0, 0x50, 0xf2, 0x01}; uint ielength, cnt, remove_cnt; int iEntry;
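
Review bot: In the r8712_report_sec_ie hunk of mlme_linux.c, the clamp bounds len by IW_CUSTOM_MAX, but the loop below it writes two hex characters per byte into buff with unbounded sprintf, on top of the "ASSOCINFO(ReqIEs=" prefix and the closing ")". The hunk does not show how buff is allocated, so raising the limit from IW_CUSTOM_MAX - 1 to IW_CUSTOM_MAX should come with a check that buff holds 2 * IW_CUSTOM_MAX characters plus the prefix, the suffix and the terminating NUL; bounding each write against the remaining space (for example with scnprintf) would make that explicit. The loop can also now read sec_ie[IW_CUSTOM_MAX - 1], so every caller's sec_ie must be at least IW_CUSTOM_MAX bytes, which the other hunk addresses only for the array in r8712_restruct_sec_ie. Style: the ternary is a hand-rolled min() and could be written as one.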
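
Review bot: In the r8712_restruct_sec_ie declaration in rtl871x_mlme.c, sec_ie grows to IW_CUSTOM_MAX while bkup_ie on the same line keeps the literal 255. If bkup_ie ever holds a copy of the same IE data it needs the same bound; if it does not, a short comment saying why the two sizes differ would help the next reader. Please also confirm this file already includes the header that defines IW_CUSTOM_MAX, since the hunk does not show one being added, and consider splitting the declaration so the two buffer sizes are not mixed with uncst_oui[4] on one line.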