staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd

author Lee Gibson <leegib@gmail.com>

Mon, 1 Mar 2021 13:26:48 +0000 (13:26 +0000)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Wed, 17 Mar 2021 16:03:54 +0000 (17:03 +0100)
author Lee Gibson <leegib@gmail.com>
Mon, 1 Mar 2021 13:26:48 +0000 (13:26 +0000)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 17 Mar 2021 16:03:54 +0000 (17:03 +0100)
diff --git a/drivers/staging/rtl8712/rtl871x_cmd.c b/drivers/staging/rtl8712/rtl871x_cmd.c

index 26b618008fcfe731e77bb2b0e8ced6eb4346991e..d989229de88bddaf49d76b24d7f5772fd28daf9b 100644 (file)
--- a/drivers/staging/rtl8712/rtl871x_cmd.c
+++ b/drivers/staging/rtl8712/rtl871x_cmd.c
@@ -197,8 +197,10 @@ u8 r8712_sitesurvey_cmd(struct _adapter *padapter,
         psurveyPara->ss_ssidlen = 0;
         memset(psurveyPara->ss_ssid, 0, IW_ESSID_MAX_SIZE + 1);
         if ((pssid != NULL) && (pssid->SsidLength)) {
-               memcpy(psurveyPara->ss_ssid, pssid->Ssid, pssid->SsidLength);
-               psurveyPara->ss_ssidlen = cpu_to_le32(pssid->SsidLength);
+               int len = min_t(int, pssid->SsidLength, IW_ESSID_MAX_SIZE);
+
+               memcpy(psurveyPara->ss_ssid, pssid->Ssid, len);
+               psurveyPara->ss_ssidlen = cpu_to_le32(len);
         }
         set_fwstate(pmlmepriv, _FW_UNDER_SURVEY);
         r8712_enqueue_cmd(pcmdpriv, ph2c);
author	Lee Gibson <leegib@gmail.com>
	Mon, 1 Mar 2021 13:26:48 +0000 (13:26 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 17 Mar 2021 16:03:54 +0000 (17:03 +0100)