Skip to content
Commit 17c8129e authored by Rebecca Mckeever's avatar Rebecca Mckeever Committed by Greg Kroah-Hartman
Browse files

staging: rtl8192u: change get_key functions to return 0 instead of -1 



Currently, these three get_key functions return -1 when the provided len
value is less a specific key length value, which can result in buffer
overflow depending on how the returned value is used. These functions are
used in three places in ieee80211/ieee80211_wx.c:

  ieee80211_wx_get_encode() :
    The behavior of this function will be unchanged.

  ieee80211_wx_get_encode_ext() :
    The result of the get_key function is written to ext->key_len,
    resulting in a buffer overflow if the result is negative.

  ieee80211_wx_set_encode() :
    The behavior of this function will change. When len is less than the
    key length value, it will set a default key of all 0.

Suggested-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarRebecca Mckeever <remckee0@gmail.com>
Link: https://lore.kernel.org/r/Yl/7QPKXer7YtXOs@bertie


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 55de6cb7
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment