Xiaohui Zhang <[email protected]> wrote: > From: Zhang Xiaohui <[email protected]> > > mwifiex_cmd_802_11_ad_hoc_start() calls memcpy() without checking > the destination size may trigger a buffer overflower, > which a local user could use to cause denial of service > or the execution of arbitrary code. > Fix it by putting the length check before calling memcpy(). > > Signed-off-by: Zhang Xiaohui <[email protected]>
Patch applied to wireless-drivers-next.git, thanks. 5c455c5ab332 mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start -- https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
