On Mon, Feb 10, 2020 at 12:02:33PM -0600, Larry Finger wrote:
> In routine wpa_supplicant_ioctl(), the user-controlled p->length is
> checked to be at least the size of struct ieee_param size, but the code
> does not detect the case where p->length is greater than the size
> of the struct, thus a m
In routine wpa_supplicant_ioctl(), the user-controlled p->length is
checked to be at least the size of struct ieee_param size, but the code
does not detect the case where p->length is greater than the size
of the struct, thus a malicious user could be wasting kernel memory.
Fixes commit 554c0a3abf2
