On Fri, Feb 26, 2021 at 02:51:57PM +, Lee Gibson wrote:
> Function _rtl92e_wx_set_scan calls memcpy without checking the length.
> A user could control that length and trigger a buffer overflow.
> Fix by checking the length is within the maximum allowed size.
>
> Reviewed-by: Dan Carpenter
>
Function _rtl92e_wx_set_scan calls memcpy without checking the length.
A user could control that length and trigger a buffer overflow.
Fix by checking the length is within the maximum allowed size.
Reviewed-by: Dan Carpenter
Signed-off-by: Lee Gibson
---
drivers/staging/rtl8192e/rtl8192e/rtl_wx