Search Linux Wireless

Re: [PATCH stable] nl80211: fix check for valid SSID size in scan operations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2011-06-06 at 22:30 +0300, Luciano Coelho wrote: 
> In both trigger_scan and sched_scan operations, we were checking for
> the SSID length before assigning the value correctly.  Since the
> memory was just kzalloc'ed, the check was always failing and SSID with
> over 32 characters were allowed to go through.
> 
> This was causing a buffer overflow when copying the actual SSID to the
> proper place.
> 
> This bug has been there since 2.6.29-rc4.
> 
> Backported from commit 208c72f4fe44fe09577e7975ba0e7fa0278f3d03.
> 
> Cc: stable@xxxxxxxxxx
> Signed-off-by: Luciano Coelho <coelho@xxxxxx>
> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
> ---

FWIW, this patch applies cleanly on all stable kernels at least as far
back as 2.6.35, probably even earlier.

-- 
Cheers,
Luca.

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux