Jeff Johnson <[email protected]> wrote:
> While converting struct ieee80211_tim_ie::virtual_map to be a flexible
> array it was observed that the TIM IE processing in cw1200_rx_cb()
> could potentially process a malformed IE in a manner that could result
> in a buffer over-read. Add logic to verify that the TIM IE length is
> large enough to hold a valid TIM payload before processing it.
>
> Signed-off-by: Jeff Johnson <[email protected]>
Patch applied to wireless-next.git, thanks.
b7bcea9c27b3 wifi: cw1200: Avoid processing an invalid TIM IE
--
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches