Laura Abbott <labb...@redhat.com> wrote: > Nicolas Waisman noticed that even though noa_len is checked for > a compatible length it's still possible to overrun the buffers > of p2pinfo since there's no check on the upper bound of noa_num. > Bound noa_num against P2P_MAX_NOA_NUM. > > Reported-by: Nicolas Waisman <n...@semmle.com> > Signed-off-by: Laura Abbott <labb...@redhat.com> > Acked-by: Ping-Ke Shih <pks...@realtek.com>
Patch applied to wireless-drivers.git, thanks. 8c55dedb795b rtlwifi: Fix potential overflow on P2P code -- https://patchwork.kernel.org/patch/11198315/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
