[PATCH v2 0/2] wifi: libertas: fix OOB reads from firmware response fields

[Tristan Madani]

From: Tristan Madani <tristan at talencesecurity.com>

Hi Johannes,

Note: this is a v2 resubmission. The original was sent via Gmail which
caused HTML rendering issues. This version uses git send-email for
proper plain-text formatting.

Two issues in libertas where firmware-controlled fields are used as
buffer offsets without validation:

Proposed fixes in the following patches.

Thanks,
Tristan