kernel_samsung_a53x/drivers/net/wireless/ath/ath9k
Jeongjun Park b306486b29 wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
[ Upstream commit 8619593634cbdf5abf43f5714df49b04e4ef09ab ]

I found the following bug in my fuzzer:

  UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51
  index 255 is out of range for type 'htc_endpoint [22]'
  CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
  Workqueue: events request_firmware_work_func
  Call Trace:
   <TASK>
   dump_stack_lvl+0x180/0x1b0
   __ubsan_handle_out_of_bounds+0xd4/0x130
   htc_issue_send.constprop.0+0x20c/0x230
   ? _raw_spin_unlock_irqrestore+0x3c/0x70
   ath9k_wmi_cmd+0x41d/0x610
   ? mark_held_locks+0x9f/0xe0
   ...

Since this bug has been confirmed to be caused by insufficient verification
of conn_rsp_epid, I think it would be appropriate to add a range check for
conn_rsp_epid to htc_connect_service() to prevent the bug from occurring.

Fixes: fb9987d0f748 ("ath9k_htc: Support for AR9271 chipset.")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://patch.msgid.link/20240909103855.68006-1-aha310510@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-12-17 13:24:03 +01:00
ahb.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ani.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ani.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
antenna.c wifi: ath9k: fix LNA selection in ath_ant_try_scan() 2024-11-19 09:23:11 +01:00
ar953x_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar955x_1p0_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar956x_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar5008_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar5008_phy.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9001_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9002_calib.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9002_hw.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9002_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9002_mac.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9002_phy.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9002_phy.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_2p2_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_aic.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_aic.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_buffalo_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_calib.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_eeprom.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_eeprom.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_hw.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_mac.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_mac.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_mci.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_mci.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_paprd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_phy.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_phy.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_rtt.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_rtt.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9003_wow.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9330_1p1_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9330_1p2_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9340_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9462_2p0_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9462_2p1_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9485_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9565_1p0_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9565_1p1_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ar9580_1p0_initvals.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ath9k.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ath9k_pci_owl_loader.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
beacon.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
btcoex.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
btcoex.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
calib.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
calib.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
channel.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
common-beacon.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
common-beacon.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
common-debug.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
common-debug.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
common-init.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
common-init.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
common-spectral.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
common-spectral.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
common.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
common.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
debug.c Revert "wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()" 2024-11-24 00:23:10 +01:00
debug.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
debug_sta.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dfs.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dfs_debug.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dfs_debug.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dynack.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dynack.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
eeprom.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
eeprom.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
eeprom_4k.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
eeprom_9287.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
eeprom_def.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gpio.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hif_usb.c Revert "wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit" 2024-11-24 00:23:10 +01:00
hif_usb.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
htc.h wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete 2024-11-19 08:44:39 +01:00
htc_drv_beacon.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
htc_drv_debug.c wifi: ath9k: fix clang-specific fortify warnings 2024-11-18 11:43:12 +01:00
htc_drv_gpio.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
htc_drv_init.c wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete 2024-11-19 08:44:39 +01:00
htc_drv_main.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
htc_drv_txrx.c wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete 2024-11-19 08:44:39 +01:00
htc_hst.c wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() 2024-12-17 13:24:03 +01:00
htc_hst.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hw-ops.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hw.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hw.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
init.c Backport mac80211 patches from linux-6.1.y 2024-06-15 16:29:20 -03:00
Kconfig Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
link.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mac.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mac.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
main.c wifi: ath9k: work around memset overflow warning 2024-11-19 14:19:06 +01:00
Makefile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mci.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mci.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pci.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
phy.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
recv.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
reg.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
reg_aic.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
reg_mci.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
reg_wow.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
rng.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tx99.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
wmi.c wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete 2024-11-19 08:44:39 +01:00
wmi.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
wow.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xmit.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00