Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

iwlwifi: mvm: check sta_id/drain values in debugfs

The station ID must be valid, if it's out of range then
the array access may crash. Validate the station ID to
the array length, and also validate the drain value even
if that doesn't matter all that much.

Cc: stable@vger.kernel.org
Fixes: 8ca151b568b6 ("iwlwifi: add the MVM driver")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Johannes Berg 12 years ago
parent
9d8506cc2d
commit
60765a47a4
1 changed files with 4 additions and 0 deletions
Unified View Show Diff Stats
  1. 4 0
      drivers/net/wireless/iwlwifi/mvm/debugfs.c

+ 4 - 0
drivers/net/wireless/iwlwifi/mvm/debugfs.c
View File 

@@ -119,6 +119,10 @@ static ssize_t iwl_dbgfs_sta_drain_write(struct file *file,
 
 
 
 	if (sscanf(buf, "%d %d", &sta_id, &drain) != 2)
 
 	if (sscanf(buf, "%d %d", &sta_id, &drain) != 2)
 
 		return -EINVAL;
 
 		return -EINVAL;
 
+	if (sta_id < 0 || sta_id >= IWL_MVM_STATION_COUNT)
 
+		return -EINVAL;
 
+	if (drain < 0 || drain > 1)
 
+		return -EINVAL;
 
 
 
 	mutex_lock(&mvm->mutex);
 
 	mutex_lock(&mvm->mutex);