1
linux/drivers/staging/vt6655
Dan Carpenter dd173abfea Staging: vt6655: fix buffer overflow
"param->u.wpa_associate.wpa_ie_len" comes from the user.  We should
check it so that the copy_from_user() doesn't overflow the buffer.

Also further down in the function, we assume that if
"param->u.wpa_associate.wpa_ie_len" is set then "abyWPAIE[0]" is
initialized.  To make that work, I changed the test here to say that if
"wpa_ie_len" is set then "wpa_ie" has to be a valid pointer or we return
-EINVAL.

Oddly, we only use the first element of the abyWPAIE[] array.  So I
suspect there may be some other issues in this function.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-09-20 16:31:54 -07:00
..
80211hdr.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
80211mgr.c Staging: vt6655: replace TRUE with in kernel true 2010-08-02 18:17:12 -07:00
80211mgr.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
aes_ccmp.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
aes_ccmp.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
baseband.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
baseband.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
bssdb.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
bssdb.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
card.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
card.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
channel.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
channel.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
country.h Staging: vt6655: move channel mapping code from card.c to channel.c 2010-06-22 15:39:58 -07:00
datarate.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
datarate.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
desc.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
device_cfg.h Staging: vt6655: replace FALSE with in kernel false 2010-08-02 18:17:38 -07:00
device_main.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
device.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
dpc.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
dpc.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
hostap.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
hostap.h Staging: vt6655: Rename hostap_set_hostapd, hostap_iotctl. 2010-05-11 11:35:56 -07:00
IEEE11h.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
IEEE11h.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
iocmd.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
ioctl.c Staging: vt6655: replace FALSE with in kernel false 2010-08-02 18:17:38 -07:00
ioctl.h Staging: vt6655: remove DWORD typedef 2010-06-24 14:23:17 -07:00
iowpa.h Staging: vt665x: Clean up include files, Part 2 2009-09-15 12:02:08 -07:00
iwctl.c Staging: vt6655: replace FALSE with in kernel false 2010-08-02 18:17:38 -07:00
iwctl.h Staging: vt665x: Clean up include files, Part 2 2009-09-15 12:02:08 -07:00
Kconfig Staging/vt66*: kconfig, depends on WLAN 2009-12-23 11:27:50 -08:00
key.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
key.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
mac.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
mac.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
Makefile Staging: vt6655: move channel mapping code from card.c to channel.c 2010-06-22 15:39:58 -07:00
mib.c Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
mib.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
michael.c Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
michael.h Staging: vt6655: remove DWORD typedef 2010-06-24 14:23:17 -07:00
power.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
power.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
rc4.c Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
rc4.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
rf.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
rf.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
rxtx.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
rxtx.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
srom.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
srom.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
tcrc.c Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
tcrc.h Staging: vt6655: remove DWORD typedef 2010-06-24 14:23:17 -07:00
test
tether.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
tether.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
tkip.c Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
tkip.h Staging: vt6655: remove WORD typedef 2010-06-24 14:23:17 -07:00
tmacro.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
TODO Staging: vt6655: Add TODO entries on x86-64 pointers and .data size 2010-06-25 11:11:22 -07:00
ttype.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
upc.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
vntconfiguration.dat
vntwifi.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
vntwifi.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wcmd.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wcmd.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wctl.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wctl.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wmgr.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wmgr.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wpa2.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wpa2.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
wpa.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wpa.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wpactl.c Staging: vt6655: fix buffer overflow 2010-09-20 16:31:54 -07:00
wpactl.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wroute.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wroute.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00