WSL2-Linux-Kernel/drivers/staging/vt6655
Xi Wang 2a58b19fd9 staging: vt6655: integer overflows in private_ioctl()
There are two potential integer overflows in private_ioctl() if
userspace passes in a large sList.uItem / sNodeList.uItem.  The
subsequent call to kmalloc() would allocate a small buffer, leading
to a memory corruption.

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-30 19:29:40 +09:00
..
80211hdr.h
80211mgr.c
80211mgr.h
IEEE11h.c
IEEE11h.h
Kconfig
Makefile
TODO
aes_ccmp.c
aes_ccmp.h
baseband.c
baseband.h
bssdb.c
bssdb.h
card.c
card.h
channel.c
channel.h
country.h
datarate.c
datarate.h
desc.h
device.h
device_cfg.h
device_main.c staging:vt6656: iwctl.c: Removed unneeded function 2011-11-30 19:25:50 +09:00
dpc.c
dpc.h
hostap.c
hostap.h
iocmd.h
ioctl.c staging: vt6655: integer overflows in private_ioctl() 2011-11-30 19:29:40 +09:00
ioctl.h
iowpa.h
iwctl.c staging:vt6656: iwctl.c: Removed unneeded function 2011-11-30 19:25:50 +09:00
iwctl.h staging:vt6656: iwctl.c: Removed unneeded function 2011-11-30 19:25:50 +09:00
key.c
key.h
mac.c
mac.h
mib.c
mib.h
michael.c
michael.h
power.c
power.h
rc4.c
rc4.h
rf.c
rf.h
rxtx.c
rxtx.h
srom.c
srom.h
tcrc.c
tcrc.h
test
tether.c
tether.h
tkip.c
tkip.h
tmacro.h
ttype.h
upc.h
vntconfiguration.dat
vntwifi.c
vntwifi.h
wcmd.c
wcmd.h
wctl.c
wctl.h
wmgr.c
wmgr.h
wpa.c
wpa.h
wpa2.c
wpa2.h
wpactl.c
wpactl.h
wroute.c
wroute.h