aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/staging/rtl8712
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2021-02-24 11:45:59 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2021-03-10 09:23:28 +0100
commitd660f4f42ccea50262c6ee90c8e7ad19a69fb225 (patch)
tree1687f696aa1f0cf3229da8ba220ec9d746b6a1b8 /drivers/staging/rtl8712
parentstaging: rtl8192e: fix kconfig dependency on CRYPTO (diff)
downloadlinux-dev-d660f4f42ccea50262c6ee90c8e7ad19a69fb225.tar.xz
linux-dev-d660f4f42ccea50262c6ee90c8e7ad19a69fb225.zip
staging: rtl8712: unterminated string leads to read overflow
The memdup_user() function does not necessarily return a NUL terminated string so this can lead to a read overflow. Switch from memdup_user() to strndup_user() to fix this bug. Fixes: c6dc001f2add ("staging: r8712u: Merging Realtek's latest (v2.6.6). Various fixes.") Cc: stable <stable@vger.kernel.org> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Link: https://lore.kernel.org/r/YDYSR+1rj26NRhvb@mwanda Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/staging/rtl8712')
-rw-r--r--drivers/staging/rtl8712/rtl871x_ioctl_linux.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
index 81de5a9e6b67..60dd798a6e51 100644
--- a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
+++ b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
@@ -924,7 +924,7 @@ static int r871x_wx_set_priv(struct net_device *dev,
struct iw_point *dwrq = (struct iw_point *)awrq;
len = dwrq->length;
- ext = memdup_user(dwrq->pointer, len);
+ ext = strndup_user(dwrq->pointer, len);
if (IS_ERR(ext))
return PTR_ERR(ext);
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.