github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 07:03:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
d883abbc09
linux/drivers/net
History
Wen Huang cbd56515be libertas: Fix two buffer overflows at parsing bss descriptor 
commit e5e884b426 upstream.

add_ie_rates() copys rates without checking the length
in bss descriptor from remote AP.when victim connects to
remote attacker, this may trigger buffer overflow.
lbs_ibss_join_existing() copys rates without checking the length
in bss descriptor from remote IBSS node.when victim connects to
remote attacker, this may trigger buffer overflow.
Fix them by putting the length check before performing copy.

This fix addresses CVE-2019-14896 and CVE-2019-14897.
This also fix build warning of mixed declarations and code.

Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Wen Huang <huangwenabc@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-29 16:43:24 +01:00
..
appletalk
arcnet
bonding
caif
can can, slip: Protect tty->disc_data in write_wakeup and close with RCU 2020-01-29 16:43:14 +01:00
dsa net: dsa: qca8k: Enable delay for RGMII_ID mode 2020-01-27 14:50:25 +01:00
ethernet net/sonic: Prevent tx watchdog timeout 2020-01-29 16:43:23 +01:00
fddi
fjes
hamradio
hippi
hyperv hv_netvsc: flag software created hash value 2020-01-27 14:51:21 +01:00
ieee802154
ipvlan
netdevsim
phy net: phy: don't clear BMCR in genphy_soft_reset 2020-01-27 14:50:34 +01:00
plip
ppp
slip can, slip: Protect tty->disc_data in write_wakeup and close with RCU 2020-01-29 16:43:14 +01:00
team
usb net: usb: lan78xx: Add .ndo_features_check 2020-01-29 16:43:17 +01:00
vmxnet3
wan net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info 2020-01-23 08:21:35 +01:00
wimax
wireless libertas: Fix two buffer overflows at parsing bss descriptor 2020-01-29 16:43:24 +01:00
xen-netback
dummy.c
eql.c
geneve.c
gtp.c gtp: make sure only SOCK_DGRAM UDP sockets are accepted 2020-01-29 16:43:14 +01:00
ifb.c
Kconfig
LICENSE.SRC
loopback.c
macsec.c
macvlan.c macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() 2020-01-23 08:21:34 +01:00
macvtap.c
Makefile
mdio.c
mii.c
net_failover.c
netconsole.c
nlmon.c
ntb_netdev.c
rionet.c
sb1000.c
Space.c
sungem_phy.c
tap.c
thunderbolt.c
tun.c tun: add mutex_unlock() call and napi.skb clearing in tun_get_user() 2020-01-29 16:43:17 +01:00
veth.c
virtio_net.c
vrf.c
vsockmon.c
vxlan.c vxlan: changelink: Fix handling of default remotes 2020-01-27 14:50:07 +01:00
xen-netfront.c