stuartl/linux-stable
1
0
Fork 0
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable.git synced 2025-09-15 11:28:36 +10:00
Code Issues Releases Wiki Activity

wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()

Browse Source 
[ Upstream commit 62b635dcd6 ]

If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would
lead to memory corruption so add some bounds checking.

Fixes: c38c701851 ("wifi: cfg80211: Set SSID if it is not already set")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://patch.msgid.link/0aaaae4a3ed37c6252363c34ae4904b1604e8e32.1756456951.git.dan.carpenter@linaro.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Dan Carpenter 2025-08-29 15:48:45 +03:00 committed by Greg Kroah-Hartman
parent 609f6debdf
commit e472f59d02
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
net/wireless/sme.c
View File

@ -915,13 +915,16 @@ void __cfg80211_connect_result(struct net_device *dev,
if (!wdev->u.client.ssid_len) { if (!wdev->u.client.ssid_len) {
rcu_read_lock(); rcu_read_lock();
for_each_valid_link(cr, link) { for_each_valid_link(cr, link) {
u32 ssid_len;
ssid = ieee80211_bss_get_elem(cr->links[link].bss, ssid = ieee80211_bss_get_elem(cr->links[link].bss,
WLAN_EID_SSID); WLAN_EID_SSID);
if (!ssid || !ssid->datalen) if (!ssid || !ssid->datalen)
continue; continue;
memcpy(wdev->u.client.ssid, ssid->data, ssid->datalen); ssid_len = min(ssid->datalen, IEEE80211_MAX_SSID_LEN);
memcpy(wdev->u.client.ssid, ssid->data, ssid_len);
wdev->u.client.ssid_len = ssid->datalen; wdev->u.client.ssid_len = ssid->datalen;
break; break;
} }