staging/rtl8192e: userspace ptr deref + incorrect declarations
authorDominique van den Broeck <domdevlin@free.fr>
Sun, 4 May 2014 14:46:27 +0000 (16:46 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 23 May 2014 11:25:54 +0000 (20:25 +0900)
. userspace pointer dereference ;

These issues have been fixed by a concurrent patch:
. missing inclusions of needed header files (fixed by concurrent patch);
. unrequired static function declaration (confusing another *.c file).

Signed-off-by: Dominique van den Broeck <domdevlin@free.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/rtl8192e/rtl8192e/rtl_wx.c

index de7609716435dbb760532d612d4747468235cb83..52870041fcb7fb7d025b8e8f84ade246d9ebe3ac 100644 (file)
@@ -1131,11 +1131,18 @@ static int r8192_wx_set_PromiscuousMode(struct net_device *dev,
        struct r8192_priv *priv = rtllib_priv(dev);
        struct rtllib_device *ieee = priv->rtllib;
 
-       u32 *info_buf = (u32 *)(wrqu->data.pointer);
+       u32 info_buf[3];
 
-       u32 oid = info_buf[0];
-       u32 bPromiscuousOn = info_buf[1];
-       u32 bFilterSourceStationFrame = info_buf[2];
+       u32 oid;
+       u32 bPromiscuousOn;
+       u32 bFilterSourceStationFrame;
+
+       if (copy_from_user(info_buf, wrqu->data.pointer, sizeof(info_buf)))
+               return -EFAULT;
+
+       oid = info_buf[0];
+       bPromiscuousOn = info_buf[1];
+       bFilterSourceStationFrame = info_buf[2];
 
        if (OID_RT_INTEL_PROMISCUOUS_MODE == oid) {
                ieee->IntelPromiscuousModeInfo.bPromiscuousOn =