ce8fd1a4a9ba42d469b499c4adf8745258328492 - third_party/kernel

commit	ce8fd1a4a9ba42d469b499c4adf8745258328492	[log] [tgz]
author	Dan Carpenter <dan.carpenter@oracle.com>	Wed May 27 21:48:30 2020 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Sun Jun 07 13:17:54 2020 +0200
tree	ff5daa0c8557db187748019192899a594779c684
parent	28d6453add540a3b568760ac271a17b3dcc68916 [diff]

airo: Fix read overflows sending packets

commit 11e7a91994c29da96d847f676be023da6a2c1359 upstream.

The problem is that we always copy a minimum of ETH_ZLEN (60) bytes from
skb->data even when skb->len is less than ETH_ZLEN so it leads to a read
overflow.

The fix is to pad skb->data to at least ETH_ZLEN bytes.

Cc: <stable@vger.kernel.org>
Reported-by: Hu Jiahui <kirin.say@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200527184830.GA1164846@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/net/wireless/cisco/airo.c[diff]

1 file changed

tree: ff5daa0c8557db187748019192899a594779c684