On Tue, 2013-02-12 at 20:11 +0200, Luciano Coelho wrote:
> cfg80211_find_vendor_ie() was checking only that the vendor IE would
> fit in the remaining IEs buffer. If a corrupt includes a vendor IE
> that is too small, we could potentially overrun the IEs buffer.
>
> Fix this by checking that the vendor IE fits in the reported IE length
> field and skip it otherwise.

Applied. I changed the BUILD_BUG_ON to be != 1 since it has to be that,
but if one breaks that ...

johannes
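
The length check described in the quoted commit message, as an added userspace C example that is not part of the original message or the kernel patch. find_vendor_ie(), the two constants' names and both sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define EID_VENDOR_SPECIFIC 221 /* 802.11 vendor-specific element ID */
#define VENDOR_HDR_LEN 4        /* 3-byte OUI + 1-byte OUI type */

/* Hypothetical helper: first vendor element in ies[0..len) matching oui/oui_type. */
const uint8_t *find_vendor_ie(uint32_t oui, uint8_t oui_type,
                              const uint8_t *ies, size_t len)
{
    size_t pos = 0;

    while (len - pos >= 2) {                /* id and len bytes are readable */
        uint8_t id = ies[pos];
        uint8_t ie_len = ies[pos + 1];

        if (ie_len > len - pos - 2)         /* body would run past the buffer */
            return NULL;
        /* The element's own length field must cover OUI + type before those
         * bytes are read; an undersized vendor element is skipped instead. */
        if (id == EID_VENDOR_SPECIFIC && ie_len >= VENDOR_HDR_LEN) {
            const uint8_t *b = &ies[pos + 2];
            uint32_t ie_oui = (uint32_t)b[0] << 16 | (uint32_t)b[1] << 8 | b[2];

            if (ie_oui == oui && b[3] == oui_type)
                return &ies[pos];
        }
        pos += 2 + (size_t)ie_len;
    }
    return NULL;
}

/* Constructed sample: the last element is a vendor IE with length 1 that still
 * fits the buffer, so reading OUI + type unchecked would pass the end. */
static const uint8_t sample_truncated[] = { 0x00, 0x01, 'a', 0xdd, 0x01, 0x00 };

/* Constructed sample: undersized vendor IE, then a well-formed one at offset 4. */
static const uint8_t sample_mixed[] = {
    0xdd, 0x02, 0x00, 0x50,
    0xdd, 0x05, 0x00, 0x50, 0xf2, 0x04, 0x10,
};

int main(void)
{
    int ok = find_vendor_ie(0x0050f2, 4, sample_truncated, sizeof(sample_truncated)) == NULL &&
             find_vendor_ie(0x0050f2, 4, sample_mixed, sizeof(sample_mixed)) == sample_mixed + 4;
    return ok ? 0 : 1;
}
```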