git.fsl.cs.sunysb.edu Git - wrapfs-5.3.y.git/commit

author	Dan Carpenter <dan.carpenter@oracle.com>
	Thu, 13 Aug 2020 14:13:15 +0000 (17:13 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 29 Oct 2020 08:03:02 +0000 (09:03 +0100)
commit	cf3627c600cf0cfd5d1edab913f54de4087b1e11
tree	cfe679d7a43b138f23577f0b008fcf26ba3e0d9d	tree \| snapshot
parent	0d35b8ae3006001f4fc260f87a1dcd81ce5f9c1c	commit \| diff

ath6kl: prevent potential array overflow in ath6kl_add_new_sta()

[ Upstream commit 54f9ab7b870934b70e5a21786d951fbcf663970f ]

The value for "aid" comes from skb->data so Smatch marks it as
untrusted. If it's invalid then it can result in an out of bounds array
access in ath6kl_add_new_sta().

Fixes: 572e27c00c9d ("ath6kl: Fix AP mode connect event parsing and TIM updates")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200813141315.GB457408@mwanda
Signed-off-by: Sasha Levin <sashal@kernel.org>