On Mon, 2011-06-06 at 22:30 +0300, Luciano Coelho wrote:
> In both trigger_scan and sched_scan operations, we were checking for
> the SSID length before assigning the value correctly. Since the
> memory was just kzalloc'ed, the check was always failing and SSIDs with
> over 32 characters were allowed to go through.
>
> This was causing a buffer overflow when copying the actual SSID to the
> proper place.
>
> This bug has been there since 2.6.29-rc4.
>
> Backported from commit 208c72f4fe44fe09577e7975ba0e7fa0278f3d03.
>
> Cc: [email protected]
> Signed-off-by: Luciano Coelho <[email protected]>
> Signed-off-by: John W. Linville <[email protected]>
> ---
FWIW, this patch applies cleanly on all stable kernels at least as far back as 2.6.35, probably even earlier.

--
Cheers,
Luca.
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
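The ordering bug described in the quoted commit message, as an added user-space example that is not part of the thread and is not the kernel's code: a length check placed before the assignment only ever sees the zero left by the allocator. The struct, the function names and the 40-byte sample SSID are hypothetical, and `calloc()` stands in for `kzalloc()`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_SSID_LEN 32 /* the 32-character limit named in the commit message */

/* Hypothetical stand-in for one SSID slot of a scan request. */
struct ssid_slot {
    unsigned char ssid[MAX_SSID_LEN];
    size_t ssid_len;
};

/* Buggy order: the field is tested while it still holds the zero left by
 * calloc() (kzalloc() in the kernel), so the test can never reject. */
static int check_then_assign(struct ssid_slot *slot, size_t attr_len)
{
    if (slot->ssid_len > MAX_SSID_LEN) /* 0 > 32 is always false */
        return -1;
    slot->ssid_len = attr_len;
    return 0;
}

/* Fixed order: store the supplied length first, then validate it. */
static int assign_then_check(struct ssid_slot *slot, size_t attr_len)
{
    slot->ssid_len = attr_len;
    return slot->ssid_len > MAX_SSID_LEN ? -1 : 0;
}

/* Parse one SSID into a freshly zeroed slot: 1 = accepted, 0 = rejected,
 * -1 = allocation failed. The copy is guarded so the demo never overflows. */
static int try_ssid(int fixed, const unsigned char *ssid, size_t len)
{
    struct ssid_slot *slot = calloc(1, sizeof(*slot));
    int accepted;
    if (!slot)
        return -1;
    accepted = (fixed ? assign_then_check : check_then_assign)(slot, len) == 0;
    if (accepted && len <= MAX_SSID_LEN)
        memcpy(slot->ssid, ssid, len);
    free(slot);
    return accepted;
}

int main(void)
{
    unsigned char ssid[40] = {0}; /* constructed 40-byte SSID */
    printf("40 bytes accepted: check-then-assign=%d assign-then-check=%d\n",
           try_ssid(0, ssid, 40), try_ssid(1, ssid, 40));
    return 0;
}
```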
