staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd

author Lee Gibson <leegib@gmail.com>

Mon, 1 Mar 2021 13:26:48 +0000 (13:26 +0000)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Wed, 10 Mar 2021 08:23:28 +0000 (09:23 +0100)
author Lee Gibson <leegib@gmail.com>
Mon, 1 Mar 2021 13:26:48 +0000 (13:26 +0000)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 10 Mar 2021 08:23:28 +0000 (09:23 +0100)
diff --git a/drivers/staging/rtl8712/rtl871x_cmd.c b/drivers/staging/rtl8712/rtl871x_cmd.c

index 18116469bd31636532e28ab8858726202969db65..75716f59044d9c76458ceb4816fb232157f21da1 100644 (file)
--- a/drivers/staging/rtl8712/rtl871x_cmd.c
+++ b/drivers/staging/rtl8712/rtl871x_cmd.c
@@ -192,8 +192,10 @@ u8 r8712_sitesurvey_cmd(struct _adapter *padapter,
         psurveyPara->ss_ssidlen = 0;
         memset(psurveyPara->ss_ssid, 0, IW_ESSID_MAX_SIZE + 1);
         if (pssid && pssid->SsidLength) {
-               memcpy(psurveyPara->ss_ssid, pssid->Ssid, pssid->SsidLength);
-               psurveyPara->ss_ssidlen = cpu_to_le32(pssid->SsidLength);
+               int len = min_t(int, pssid->SsidLength, IW_ESSID_MAX_SIZE);
+
+               memcpy(psurveyPara->ss_ssid, pssid->Ssid, len);
+               psurveyPara->ss_ssidlen = cpu_to_le32(len);
         }
         set_fwstate(pmlmepriv, _FW_UNDER_SURVEY);
         r8712_enqueue_cmd(pcmdpriv, ph2c);
author	Lee Gibson <leegib@gmail.com>
	Mon, 1 Mar 2021 13:26:48 +0000 (13:26 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 10 Mar 2021 08:23:28 +0000 (09:23 +0100)