1. Patchew
  2. linux
  3. View series

[PATCH] wifi: ath12k: Fix buffer overflow in debugfs

Dan Carpenter posted 1 patch 1 year ago 
drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c | 3 +++
1 file changed, 3 insertions(+)
[PATCH] wifi: ath12k: Fix buffer overflow in debugfs
Posted by Dan Carpenter 1 year ago 
If the user tries to write more than 32 bytes then it results in memory
corruption.  Fortunately, this is debugfs so it's limitted to root users.

Fixes: 3f73c24f28b3 ("wifi: ath12k: Add support to enable debugfs_htt_stats")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c b/drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c
index 1c0d5fa39a8d..aeaf970339d4 100644
--- a/drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c
+++ b/drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c
@@ -5377,6 +5377,9 @@ static ssize_t ath12k_write_htt_stats_type(struct file *file,
 	const int size = 32;
 	int num_args;
 
+	if (count > size)
+		return -EINVAL;
+
 	char *buf __free(kfree) = kzalloc(size, GFP_KERNEL);
 	if (!buf)
 		return -ENOMEM;
-- 
2.47.2
Re: [PATCH] wifi: ath12k: Fix buffer overflow in debugfs
Posted by Jeff Johnson 1 year ago 
On Wed, 09 Apr 2025 14:01:25 +0300, Dan Carpenter wrote:
> If the user tries to write more than 32 bytes then it results in memory
> corruption.  Fortunately, this is debugfs so it's limitted to root users.
> 
> 

Applied, thanks!

[1/1] wifi: ath12k: Fix buffer overflow in debugfs
      commit: 8c7a5031a6b0d42e640fbd2d5d05f61f74e32dce

Best regards,
-- 
Jeff Johnson <jeff.johnson@oss.qualcomm.com>
Re: [PATCH] wifi: ath12k: Fix buffer overflow in debugfs
Posted by Jeff Johnson 1 year ago 
On 4/9/2025 4:01 AM, Dan Carpenter wrote:
> If the user tries to write more than 32 bytes then it results in memory
> corruption.  Fortunately, this is debugfs so it's limitted to root users.

I've fixed this in the 'pending' branch:
WARNING:TYPO_SPELLING: 'limitted' may be misspelled - perhaps 'limited'?

https://git.kernel.org/pub/scm/linux/kernel/git/ath/ath.git/commit/?h=pending&id=b49ee0380e07efa34bdc4b012df22842b7fe2825

/jeff
Re: [PATCH] wifi: ath12k: Fix buffer overflow in debugfs
Posted by Vasanthakumar Thiagarajan 1 year ago 

On 4/9/2025 4:31 PM, Dan Carpenter wrote:
> If the user tries to write more than 32 bytes then it results in memory
> corruption.  Fortunately, this is debugfs so it's limitted to root users.
> 
> Fixes: 3f73c24f28b3 ("wifi: ath12k: Add support to enable debugfs_htt_stats")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>

Thanks for the fix!

Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com>

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.