* [PATCH] nl80211: fix HT capability attribute validation
@ 2011-11-03 8:27 Johannes Berg
0 siblings, 0 replies; only message in thread
From: Johannes Berg @ 2011-11-03 8:27 UTC (permalink / raw)
To: John Linville; +Cc: linux-wireless
From: Johannes Berg <johannes.berg@intel.com>
Since the NL80211_ATTR_HT_CAPABILITY attribute is
used as a struct, it needs a minimum, not maximum
length. Enforce that properly. Not doing so could
potentially lead to reading after the buffer.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/wireless/nl80211.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/net/wireless/nl80211.c 2011-11-03 09:00:25.000000000 +0100
+++ b/net/wireless/nl80211.c 2011-11-03 09:16:21.000000000 +0100
@@ -132,8 +132,7 @@ static const struct nla_policy nl80211_p
[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
- [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY,
- .len = NL80211_HT_CAPABILITY_LEN },
+ [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
[NL80211_ATTR_IE] = { .type = NLA_BINARY,
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2011-11-03 8:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-03 8:27 [PATCH] nl80211: fix HT capability attribute validation Johannes Berg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox