aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcm <cesar.maximo@gmail.com>2016-09-18 20:59:40 +0100
committerMoyster <oysterized@gmail.com>2016-11-11 02:45:18 +0100
commit9ca4665f7f2411dc66445c84c07e5a7d87adbde3 (patch)
treeaac22ea26e469940709dc79b4118e4ce1b22d077
parent75febbc95d63fa1a9c1dad107b3dc4bf582488d4 (diff)
Fix "Security Vulnerability - kernel info leak of wifi driver"
Diffstat
-rwxr-xr-xdrivers/misc/mediatek/connectivity/conn_soc/drv_wlan/mt_wifi/wlan/os/linux/gl_wext_priv.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/drivers/misc/mediatek/connectivity/conn_soc/drv_wlan/mt_wifi/wlan/os/linux/gl_wext_priv.c b/drivers/misc/mediatek/connectivity/conn_soc/drv_wlan/mt_wifi/wlan/os/linux/gl_wext_priv.c
index 5fb145f24..1a98dc81f 100755
--- a/drivers/misc/mediatek/connectivity/conn_soc/drv_wlan/mt_wifi/wlan/os/linux/gl_wext_priv.c
+++ b/drivers/misc/mediatek/connectivity/conn_soc/drv_wlan/mt_wifi/wlan/os/linux/gl_wext_priv.c
@@ -1601,14 +1601,21 @@ priv_get_int (
case PRIV_CMD_GET_DEBUG_CODE:
{
- wlanQueryDebugCode(prGlueInfo->prAdapter);
+ wlanQueryDebugCode(prGlueInfo->prAdapter);
- kalMemSet(gucBufDbgCode, '.', sizeof(gucBufDbgCode));
- if (copy_to_user(prIwReqData->data.pointer, gucBufDbgCode, prIwReqData->data.length)) {
- return -EFAULT;
- }
- else
- return status;
+ kalMemSet(gucBufDbgCode, '.', sizeof(gucBufDbgCode));
+
+ u4BufLen = prIwReqData->data.length;
+
+ if (prIwReqData->data.length > sizeof(gucBufDbgCode))
+ u4BufLen = sizeof(gucBufDbgCode);
+
+ if (copy_to_user(prIwReqData->data.pointer, gucBufDbgCode, u4BufLen)) {
+ return -EFAULT;
+ }
+ else {
+ return status;
+ }
}
default:
generated by cgit v1.2.3 (git 2.39.1) at 2026-03-14 00:45:39 +0000