From 4ca5218e3939685c2325fc0a0a1ac8150272c93f Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 29 Mar 2012 09:43:54 +0300 Subject: [PATCH] Staging: vt6655-6: check keysize before memcpy() We need to check the we don't copy too much memory. This comes from a copy_from_user() in the ioctl. Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman --- drivers/staging/vt6655/key.c | 3 +++ drivers/staging/vt6656/key.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/drivers/staging/vt6655/key.c b/drivers/staging/vt6655/key.c index 0ff8d7bbf2a7..774b0d4a7e06 100644 --- a/drivers/staging/vt6655/key.c +++ b/drivers/staging/vt6655/key.c @@ -655,6 +655,9 @@ bool KeybSetDefaultKey ( return (false); } + if (uKeyLength > MAX_KEY_LEN) + return false; + pTable->KeyTable[MAX_KEY_TABLE-1].bInUse = true; for(ii=0;iiKeyTable[MAX_KEY_TABLE-1].abyBSSID[ii] = 0xFF; diff --git a/drivers/staging/vt6656/key.c b/drivers/staging/vt6656/key.c index 27bb523c8a97..ee62a06a75f4 100644 --- a/drivers/staging/vt6656/key.c +++ b/drivers/staging/vt6656/key.c @@ -684,6 +684,9 @@ BOOL KeybSetDefaultKey( return (FALSE); } + if (uKeyLength > MAX_KEY_LEN) + return false; + pTable->KeyTable[MAX_KEY_TABLE-1].bInUse = TRUE; for (ii = 0; ii < ETH_ALEN; ii++) pTable->KeyTable[MAX_KEY_TABLE-1].abyBSSID[ii] = 0xFF; -- 2.39.5