Xiaohui Zhang <ruc_zhangxiaohui@xxxxxxx> wrote: > From: Zhang Xiaohui <ruc_zhangxiaohui@xxxxxxx> > > mwifiex_cmd_802_11_ad_hoc_start() calls memcpy() without checking > the destination size may trigger a buffer overflower, > which a local user could use to cause denial of service > or the execution of arbitrary code. > Fix it by putting the length check before calling memcpy(). > > Signed-off-by: Zhang Xiaohui <ruc_zhangxiaohui@xxxxxxx> Patch applied to wireless-drivers-next.git, thanks. 5c455c5ab332 mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start -- https://patchwork.kernel.org/project/linux-wireless/patch/20201206084801.26479-1-ruc_zhangxiaohui@xxxxxxx/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches