[PATCH v2] wifi: ath12k: Fix buffer overflow when scanning with extraie
Wen Gong
quic_wgong at quicinc.com
Thu Aug 10 01:14:43 PDT 2023
On 8/10/2023 4:09 PM, Sven Eckelmann wrote:
> On Thursday, 10 August 2023 06:31:02 CEST Wen Gong wrote:
>> On 8/10/2023 2:16 AM, Jeff Johnson wrote:
>>> On 8/9/2023 10:31 AM, Jeff Johnson wrote:
>>>> On 8/9/2023 1:12 AM, Wen Gong wrote:
>> [...]
>>>> Reviewed-by: Jeff Johnson <quic_jjohnson at quicinc.com>
>>> Wen, can you please add a Fixes: tag since based upon the discussion
>>> you actually observed a crash
>>>
>> Jeff, do you mean I should add the crash call stack or other thing in
>> this patch?
> I think a reference to the commit which is fixed should be added.
>
>> The crash is observed by Sven Eckelmann <sven at narfation.org> on 07 Dec
>> 2021 here:
>> Subject: Re: [PATCH] ath11k: enable
>> IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN6855
>> https://lore.kernel.org/linux-wireless/3267805.el9kkjlfUZ@ripper/
> This was for ath11k. See my patch for it in
> https://lore.kernel.org/r/20211207142913.1734635-1-sven@narfation.org
> So I doubt that it is ok to add the same backtrace for an ath12k commit.
>
> And if I compare both patches, it looks to me that you don't handle the
> params->extraie.len > 16 bit (see WMI_TLV_LEN) in ath12k.
>
> Kind regards,
> Sven
I added a similar check here:
[v2] wifi: ath12k: add check max message length while scanning with extraie
https://patchwork.kernel.org/project/linux-wireless/patch/20230809081657.13858-1-quic_wgong@quicinc.com/
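The two checks discussed in this thread (the extra IE length must fit the 16-bit TLV length field, and the header plus IE must fit the message buffer), as an added example that is not code from this thread or from the ath12k driver. The header layout, the `ex_` names and the buffer sizes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (illustration only): 32-bit TLV header with the tag in
 * the upper 16 bits and the length in the lower 16 bits. */
#define EX_TLV_LEN_MASK  0x0000ffffu
#define EX_TLV_TAG_SHIFT 16

static uint8_t ex_msg[2048];      /* constructed message buffer */
static const uint8_t ex_ie[64];   /* constructed extra IE bytes (zeros) */

/* Unchecked packing: a length above 0xffff is silently truncated, so the
 * header no longer describes the number of bytes the caller copies. */
static uint32_t ex_tlv_hdr_unchecked(uint16_t tag, size_t len)
{
	return ((uint32_t)tag << EX_TLV_TAG_SHIFT) |
	       ((uint32_t)len & EX_TLV_LEN_MASK);
}

static size_t ex_tlv_hdr_len(uint32_t hdr)
{
	return hdr & EX_TLV_LEN_MASK;
}

/* Checked variant: returns 0 on success, -1 if the IE does not fit the
 * 16-bit length field or header plus IE would overrun the buffer. */
static int ex_tlv_put(uint8_t *buf, size_t buf_len, uint16_t tag,
		      const uint8_t *ie, size_t ie_len)
{
	uint32_t hdr;

	if (ie_len > EX_TLV_LEN_MASK)
		return -1;
	if (buf_len < sizeof(hdr) || ie_len > buf_len - sizeof(hdr))
		return -1;
	hdr = ex_tlv_hdr_unchecked(tag, ie_len);
	memcpy(buf, &hdr, sizeof(hdr));   /* host byte order for brevity */
	memcpy(buf + sizeof(hdr), ie, ie_len);
	return 0;
}

int main(void)
{
	printf("header length for a 0x10004-byte IE: %zu\n",
	       ex_tlv_hdr_len(ex_tlv_hdr_unchecked(7, 0x10004)));
	printf("checked put, 64-byte IE: %d\n",
	       ex_tlv_put(ex_msg, sizeof(ex_msg), 7, ex_ie, sizeof(ex_ie)));
	printf("checked put, 0x10004-byte IE: %d\n",
	       ex_tlv_put(ex_msg, sizeof(ex_msg), 7, ex_ie, 0x10004));
	return 0;
}
```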