Function wl1251_cmd_scan calls memcpy without checking the length.
A user could control that length and trigger a buffer overflow.
Fix by checking the length is within the maximum allowed size.
Signed-off-by: Lee Gibson
---
drivers/net/wireless/ti/wl1251/cmd.c | 7 +--
1 file changed, 5 inse
Lee Gibson writes:
> Function wl1251_cmd_scan calls memcpy without checking the length.
> A user could control that length and trigger a buffer overflow.
> Fix by checking the length is within the maximum allowed size.
>
> Signed-off-by: Lee Gibson
Please fix the commit log, the user cannot con
