mirror of https://github.com/torvalds/linux.git
1b9ca0272f
Incorrect variable was used in validating the akm_suites array from NL80211_ATTR_AKM_SUITES. In addition, there was no explicit validation of the array length (we only have room for NL80211_MAX_NR_AKM_SUITES). This can result in a buffer write overflow for stack variables with arbitrary data from user space. The nl80211 commands using the affected functionality require GENL_ADMIN_PERM, so this is only exposed to admin users. Cc: stable@kernel.org Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| Kconfig | ||
| Makefile | ||
| chan.c | ||
| core.c | ||
| core.h | ||
| db.txt | ||
| debugfs.c | ||
| debugfs.h | ||
| ethtool.c | ||
| ethtool.h | ||
| genregdb.awk | ||
| ibss.c | ||
| lib80211.c | ||
| lib80211_crypt_ccmp.c | ||
| lib80211_crypt_tkip.c | ||
| lib80211_crypt_wep.c | ||
| mesh.c | ||
| mlme.c | ||
| nl80211.c | ||
| nl80211.h | ||
| radiotap.c | ||
| reg.c | ||
| reg.h | ||
| regdb.h | ||
| scan.c | ||
| sme.c | ||
| sysfs.c | ||
| sysfs.h | ||
| util.c | ||
| wext-compat.c | ||
| wext-compat.h | ||
| wext-core.c | ||
| wext-priv.c | ||
| wext-proc.c | ||
| wext-sme.c | ||
| wext-spy.c | ||