1. Patchew
  2. linux
  3. View series

[PATCH] wifi: ath12k: Fix buffer overflow in debugfs

Dan Carpenter posted 1 patch 10 months ago 
drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c | 3 +++
1 file changed, 3 insertions(+)
[PATCH] wifi: ath12k: Fix buffer overflow in debugfs
Posted by Dan Carpenter 10 months ago 
If the user tries to write more than 32 bytes then it results in memory
corruption.  Fortunately, this is debugfs so it's limitted to root users.

Fixes: 3f73c24f28b3 ("wifi: ath12k: Add support to enable debugfs_htt_stats")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c b/drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c
index 1c0d5fa39a8d..aeaf970339d4 100644
--- a/drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c
+++ b/drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c
@@ -5377,6 +5377,9 @@ static ssize_t ath12k_write_htt_stats_type(struct file *file,
 	const int size = 32;
 	int num_args;
 
+	if (count > size)
+		return -EINVAL;
+
 	char *buf __free(kfree) = kzalloc(size, GFP_KERNEL);
 	if (!buf)
 		return -ENOMEM;
-- 
2.47.2
Re: [PATCH] wifi: ath12k: Fix buffer overflow in debugfs
Posted by Jeff Johnson 10 months ago 
On Wed, 09 Apr 2025 14:01:25 +0300, Dan Carpenter wrote:
> If the user tries to write more than 32 bytes then it results in memory
> corruption.  Fortunately, this is debugfs so it's limitted to root users.
> 
> 

Applied, thanks!

[1/1] wifi: ath12k: Fix buffer overflow in debugfs
      commit: 8c7a5031a6b0d42e640fbd2d5d05f61f74e32dce

Best regards,
-- 
Jeff Johnson <jeff.johnson@oss.qualcomm.com>
Re: [PATCH] wifi: ath12k: Fix buffer overflow in debugfs
Posted by Jeff Johnson 10 months ago 
On 4/9/2025 4:01 AM, Dan Carpenter wrote:
> If the user tries to write more than 32 bytes then it results in memory
> corruption.  Fortunately, this is debugfs so it's limitted to root users.

I've fixed this in the 'pending' branch:
WARNING:TYPO_SPELLING: 'limitted' may be misspelled - perhaps 'limited'?

https://git.kernel.org/pub/scm/linux/kernel/git/ath/ath.git/commit/?h=pending&id=b49ee0380e07efa34bdc4b012df22842b7fe2825

/jeff
Re: [PATCH] wifi: ath12k: Fix buffer overflow in debugfs
Posted by Vasanthakumar Thiagarajan 10 months ago 

On 4/9/2025 4:31 PM, Dan Carpenter wrote:
> If the user tries to write more than 32 bytes then it results in memory
> corruption.  Fortunately, this is debugfs so it's limitted to root users.
> 
> Fixes: 3f73c24f28b3 ("wifi: ath12k: Add support to enable debugfs_htt_stats")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>

Thanks for the fix!

Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.