Laura Abbott <[email protected]> wrote: > Nicolas Waisman noticed that even though noa_len is checked for > a compatible length it's still possible to overrun the buffers > of p2pinfo since there's no check on the upper bound of noa_num. > Bound noa_num against P2P_MAX_NOA_NUM. > > Reported-by: Nicolas Waisman <[email protected]> > Signed-off-by: Laura Abbott <[email protected]> > Acked-by: Ping-Ke Shih <[email protected]>
Patch applied to wireless-drivers.git, thanks. 8c55dedb795b rtlwifi: Fix potential overflow on P2P code -- https://patchwork.kernel.org/patch/11198315/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
