Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / vendor / qcom-opensource / wlan / prima / 68edfc74abc8315073f358308562f362c4a368fb
commit68edfc74abc8315073f358308562f362c4a368fb[log] [tgz]
authorNishank Aggarwal <naggar@codeaurora.org>Thu Jan 12 14:32:02 2017 +0530
committerDirk Vogt <dirk@fairphone.com>Mon Mar 13 19:18:16 2017 +0100
tree429513bb95a71b2b386fb6e9553f4d4fd262c477
parent0f06d8acb6c9b34858ffbfb75c96666785d1edce [diff]
qcacld-2.0: Fix buffer overflow in WLANSAP_Set_WPARSNIes()

Currently In WLANSAP_Set_WPARSNIes() the parameter WPARSNIEsLen
is user-controllable and never validates which uses as the length
for a memory copy. This enables user-space applications to corrupt
heap memory and potentially crash the kernel.

Fix is to validate the WPARSNIes length to its max before use as the
length for a memory copy.

FPIIM-526
FPII-2976

Change-Id: I7aff731aeae22bfd84beb955439a799abef37f68
CRs-Fixed: 1102648
1 file changed
tree: 429513bb95a71b2b386fb6e9553f4d4fd262c477
  1. CORE/
  2. firmware_bin/
  3. riva/
  4. Android.mk
  5. Kbuild
  6. Kconfig
  7. Makefile