github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
aa2e8b68f2
linux/drivers/net
History
Wen Huang cbd56515be libertas: Fix two buffer overflows at parsing bss descriptor 
commit e5e884b426 upstream.

add_ie_rates() copys rates without checking the length
in bss descriptor from remote AP.when victim connects to
remote attacker, this may trigger buffer overflow.
lbs_ibss_join_existing() copys rates without checking the length
in bss descriptor from remote IBSS node.when victim connects to
remote attacker, this may trigger buffer overflow.
Fix them by putting the length check before performing copy.

This fix addresses CVE-2019-14896 and CVE-2019-14897.
This also fix build warning of mixed declarations and code.

Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Wen Huang <huangwenabc@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-29 16:43:24 +01:00
..
appletalk
arcnet arcnet: provide a buffer big enough to actually receive packets 2019-10-05 13:09:26 +02:00
bonding bonding: fix active-backup transition after link failure 2020-01-04 19:13:23 +01:00
caif caif-hsi: fix possible deadlock in cfhsi_exit_module() 2019-07-28 08:29:23 +02:00
can can, slip: Protect tty->disc_data in write_wakeup and close with RCU 2020-01-29 16:43:14 +01:00
dsa net: dsa: qca8k: Enable delay for RGMII_ID mode 2020-01-27 14:50:25 +01:00
ethernet net/sonic: Prevent tx watchdog timeout 2020-01-29 16:43:23 +01:00
fddi
fjes fjes: fix missed check in fjes_acpi_add 2019-12-31 16:34:36 +01:00
hamradio 6pack,mkiss: fix possible deadlock 2020-01-04 19:13:27 +01:00
hippi
hyperv hv_netvsc: flag software created hash value 2020-01-27 14:51:21 +01:00
ieee802154 ieee802154: ca8210: prevent memory leak 2019-10-29 09:19:31 +01:00
ipvlan
netdevsim
phy net: phy: don't clear BMCR in genphy_soft_reset 2020-01-27 14:50:34 +01:00
plip
ppp ppp: Fix memory leak in ppp_write 2019-10-05 13:09:29 +02:00
slip can, slip: Protect tty->disc_data in write_wakeup and close with RCU 2020-01-29 16:43:14 +01:00
team team: Add vlan tx offload to hw_enc_features 2019-08-25 10:48:04 +02:00
usb net: usb: lan78xx: Add .ndo_features_check 2020-01-29 16:43:17 +01:00
vmxnet3
wan net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info 2020-01-23 08:21:35 +01:00
wimax wimax/i2400m: fix a memory leak bug 2019-09-10 10:33:48 +01:00
wireless libertas: Fix two buffer overflows at parsing bss descriptor 2020-01-29 16:43:24 +01:00
xen-netback net: xen-netback: fix return type of ndo_start_xmit function 2019-11-24 08:19:18 +01:00
dummy.c
eql.c
geneve.c
gtp.c gtp: make sure only SOCK_DGRAM UDP sockets are accepted 2020-01-29 16:43:14 +01:00
ifb.c
Kconfig geneve: change NET_UDP_TUNNEL dependency to select 2019-12-05 09:21:10 +01:00
LICENSE.SRC
loopback.c
macsec.c macsec: let the administrator set UP state even if lowerdev is down 2019-12-01 09:17:03 +01:00
macvlan.c macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() 2020-01-23 08:21:34 +01:00
macvtap.c
Makefile
mdio.c
mii.c
net_failover.c failover: Fix error return code in net_failover_create 2019-11-20 18:46:12 +01:00
netconsole.c
nlmon.c
ntb_netdev.c ntb_netdev: fix sleep time mismatch 2019-12-01 09:17:13 +01:00
rionet.c
sb1000.c
Space.c
sungem_phy.c
tap.c
thunderbolt.c
tun.c tun: add mutex_unlock() call and napi.skb clearing in tun_get_user() 2020-01-29 16:43:17 +01:00
veth.c
virtio_net.c
vrf.c vrf: mark skb for multicast or link-local as enslaved to VRF 2019-12-01 09:17:28 +01:00
vsockmon.c
vxlan.c vxlan: changelink: Fix handling of default remotes 2020-01-27 14:50:07 +01:00
xen-netfront.c xen-netfront: do not use ~0U as error return value for xennet_fill_frags() 2019-10-07 18:57:25 +02:00