This is a note to let you know that I've just added the patch titled staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan to the 4.19-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: staging-rtl8192e-fix-possible-buffer-overflow-in-_rtl92e_wx_set_scan.patch and it can be found in the queue-4.19 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 8687bf9ef9551bcf93897e33364d121667b1aadf Mon Sep 17 00:00:00 2001 From: Lee Gibson <leegib@xxxxxxxxx> Date: Fri, 26 Feb 2021 14:51:57 +0000 Subject: staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan From: Lee Gibson <leegib@xxxxxxxxx> commit 8687bf9ef9551bcf93897e33364d121667b1aadf upstream. Function _rtl92e_wx_set_scan calls memcpy without checking the length. A user could control that length and trigger a buffer overflow. Fix by checking the length is within the maximum allowed size. Reviewed-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Signed-off-by: Lee Gibson <leegib@xxxxxxxxx> Cc: stable <stable@xxxxxxxxxxxxxxx> Link: https://lore.kernel.org/r/20210226145157.424065-1-leegib@xxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/staging/rtl8192e/rtl8192e/rtl_wx.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c +++ b/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c @@ -415,9 +415,10 @@ static int _rtl92e_wx_set_scan(struct ne struct iw_scan_req *req = (struct iw_scan_req *)b; if (req->essid_len) { - ieee->current_network.ssid_len = req->essid_len; - memcpy(ieee->current_network.ssid, req->essid, - req->essid_len); + int len = min_t(int, req->essid_len, IW_ESSID_MAX_SIZE); + + ieee->current_network.ssid_len = len; + memcpy(ieee->current_network.ssid, req->essid, len); } } Patches currently in stable-queue which might be from leegib@xxxxxxxxx are queue-4.19/staging-rtl8192e-fix-possible-buffer-overflow-in-_rtl92e_wx_set_scan.patch queue-4.19/staging-rtl8712-fix-possible-buffer-overflow-in-r8712_sitesurvey_cmd.patch