[PATCH v2] qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth

2021-04-19 Lee Gibson

Function qtnf_event_handle_external_auth calls memcpy without checking the length. A user could control that length and trigger a buffer overflow. Fix by checking the length is within the maximum allowed size.

Signed-off-by: Lee Gibson
---
v2: use clamp_val() instead of min_t()

drivers/net

[PATCH] qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth

2021-03-17 Lee Gibson

Function qtnf_event_handle_external_auth calls memcpy without checking the length. A user could control that length and trigger a buffer overflow. Fix by checking the length is within the maximum allowed size.

Signed-off-by: Lee Gibson
---
drivers/net/wireless/quantenna/qtnfmac/event.c | 6

[PATCH] wl1251: Fix possible buffer overflow in wl1251_cmd_scan

2021-03-17 Lee Gibson

Function wl1251_cmd_scan calls memcpy without checking the length. A user could control that length and trigger a buffer overflow. Fix by checking the length is within the maximum allowed size.

Signed-off-by: Lee Gibson
---
drivers/net/wireless/ti/wl1251/cmd.c | 7 +--
1 file changed, 5