DivestOS/Patches/Linux_CVEs/CVE-2017-0571/0.patch

28 lines
1005 B
Diff

From 4b29d0111186ebef75a9af7da8257697386ac4a4 Mon Sep 17 00:00:00 2001
From: Insun Song <insun.song@broadcom.com>
Date: Wed, 25 Jan 2017 11:41:49 -0800
Subject: [PATCH] net: wireless: bcmdhd: fix buffer overrun in wlfc reordering
added boundary check not to override allocated buffer
Signed-off-by: Insun Song <insun.song@broadcom.com>
Change-Id: Iad44141ba4e4cd224eda292c05ffe525bf74227d
Bug: 34203305
---
drivers/net/wireless/bcmdhd/dhd_wlfc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/bcmdhd/dhd_wlfc.c b/drivers/net/wireless/bcmdhd/dhd_wlfc.c
index 741ebc8642275..3b9cfe85f7635 100644
--- a/drivers/net/wireless/bcmdhd/dhd_wlfc.c
+++ b/drivers/net/wireless/bcmdhd/dhd_wlfc.c
@@ -2458,7 +2458,7 @@ static void
_dhd_wlfc_reorderinfo_indicate(uint8 *val, uint8 len, uchar *info_buf, uint *info_len)
{
if (info_len) {
- if (info_buf) {
+ if (info_buf && (len <= WLHOST_REORDERDATA_TOTLEN)) {
bcopy(val, info_buf, len);
*info_len = len;
}