[PATCH 3.13 001/163] regulatory: add NUL to alpha2

Kamal Mostafa kamal at canonical.com
Thu Oct 9 21:00:26 UTC 2014


3.13.11.9 -stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eliad Peller <eliad at wizery.com>

commit a5fe8e7695dc3f547e955ad2b662e3e72969e506 upstream.

alpha2 is defined as 2-chars array, but is used in multiple
places as string (e.g. with nla_put_string calls), which
might leak kernel data.

Solve it by simply adding an extra char for the NULL
terminator, making such operations safe.

Signed-off-by: Eliad Peller <eliadx.peller at intel.com>
Signed-off-by: Johannes Berg <johannes.berg at intel.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 include/net/regulatory.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/net/regulatory.h b/include/net/regulatory.h
index f17ed59..3e827aa 100644
--- a/include/net/regulatory.h
+++ b/include/net/regulatory.h
@@ -106,7 +106,7 @@ struct ieee80211_reg_rule {
 struct ieee80211_regdomain {
 	struct rcu_head rcu_head;
 	u32 n_reg_rules;
-	char alpha2[2];
+	char alpha2[3];
 	u8 dfs_region;
 	struct ieee80211_reg_rule reg_rules[];
 };
-- 
1.9.1





More information about the kernel-team mailing list