
Re: [PATCH v2] wifi: ath12k: Fix buffer overflow when scanning with extraie


 



On 8/10/2023 4:09 PM, Sven Eckelmann wrote:
On Thursday, 10 August 2023 06:31:02 CEST Wen Gong wrote:
On 8/10/2023 2:16 AM, Jeff Johnson wrote:
On 8/9/2023 10:31 AM, Jeff Johnson wrote:
On 8/9/2023 1:12 AM, Wen Gong wrote:
[...]
Reviewed-by: Jeff Johnson <quic_jjohnson@xxxxxxxxxxx>
Wen, can you please add a Fixes: tag since based upon the discussion
you actually observed a crash

Jeff, do you mean I should add the crash call stack or other thing in
this patch?
I think a reference to the commit which is fixed should be added.

The crash is observed by Sven Eckelmann <sven@xxxxxxxxxxxxx>  on 07 Dec
2021 here:
Subject: Re: [PATCH] ath11k: enable
IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN6855
https://lore.kernel.org/linux-wireless/3267805.el9kkjlfUZ@ripper/
This was for ath11k. See my patch for it in
https://lore.kernel.org/r/20211207142913.1734635-1-sven@xxxxxxxxxxxxx
So I doubt that it is ok to add the same backtrace for an ath12k commit.

And if I compare both patches, it looks to me that you don't handle the
params->extraie.len > 16 bit (see WMI_TLV_LEN) in ath12k.

Kind regards,
	Sven

I added similar check here:
[v2] wifi: ath12k: add check max message length while scanning with extraie
https://patchwork.kernel.org/project/linux-wireless/patch/20230809081657.13858-1-quic_wgong@xxxxxxxxxxx/
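
The two checks discussed in this thread (an extra IE that does not fit the 16-bit TLV length field, and a scan message that exceeds the maximum message length), shown as an added example that is not part of the thread or of the ath12k driver. All `ex_`/`EX_` names are hypothetical; the header layout (tag in the upper 16 bits), the 4-byte padding and the caller-supplied maximum message length are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout: 32-bit TLV header, tag in bits 31..16, length in
 * bits 15..0 (the 16-bit limit referred to in the thread). */
#define EX_TLV_LEN_MASK  0x0000FFFFu
#define EX_TLV_TAG_SHIFT 16
#define EX_TLV_HDR_SIZE  4u

/* Unchecked: a length above 0xFFFF is silently truncated by the mask, so
 * the header describes fewer bytes than the sender then copies. */
static uint32_t ex_tlv_hdr_unchecked(uint16_t tag, size_t len)
{
    return ((uint32_t)tag << EX_TLV_TAG_SHIFT) |
           ((uint32_t)len & EX_TLV_LEN_MASK);
}

/* Checked: refuse lengths that do not fit. Returns 0 on success, -1 on error. */
static int ex_tlv_hdr_checked(uint16_t tag, size_t len, uint32_t *hdr)
{
    if (len > EX_TLV_LEN_MASK)
        return -1;
    *hdr = ((uint32_t)tag << EX_TLV_TAG_SHIFT) | (uint32_t)len;
    return 0;
}

/* Length a receiver reads back from the header. */
static size_t ex_tlv_hdr_len(uint32_t hdr)
{
    return hdr & EX_TLV_LEN_MASK;
}

/* Size of a scan message carrying one extra-IE TLV after fixed_len bytes.
 * Returns 0 and stores the total only if the padded IE fits the TLV length
 * field and the whole message fits max_msg_len; -1 otherwise. */
static int ex_scan_msg_len(size_t fixed_len, size_t extraie_len,
                           size_t max_msg_len, size_t *total)
{
    size_t ie;

    if (extraie_len > EX_TLV_LEN_MASK)
        return -1;
    ie = (extraie_len + 3u) & ~(size_t)3u;   /* pad to 4 bytes (assumption) */
    if (ie > EX_TLV_LEN_MASK || fixed_len > max_msg_len ||
        ie + EX_TLV_HDR_SIZE > max_msg_len - fixed_len)
        return -1;
    *total = fixed_len + EX_TLV_HDR_SIZE + ie;
    return 0;
}
```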



