airo: Fix read overflows sending packets (72fdc57d) · Commits · Android-smartphones / realme / x50 pro / kernel source / kernel 11 / kernel R

Commit 72fdc57d authored May 27, 2020 by Dan Carpenter Committed by bgman111111 Jun 15, 2022

airo: Fix read overflows sending packets



commit 11e7a91994c29da96d847f676be023da6a2c1359 upstream.

The problem is that we always copy a minimum of ETH_ZLEN (60) bytes from
skb->data even when skb->len is less than ETH_ZLEN so it leads to a read
overflow.

The fix is to pad skb->data to at least ETH_ZLEN bytes.

Cc: <stable@vger.kernel.org>
Reported-by: Hu Jiahui <kirin.say@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200527184830.GA1164846@mwanda


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent fd3ab14d

Hide whitespace changes

Inline Side-by-side

Please register or to comment