FPII-2416 : Elevation of privilege vulnerability in Qualcomm Wi-Fi driver CVE-2016-6676 A-30874066 There is a possibility of buffer overflow while processing GET_CFG IOCTLto retrieve ini parameters from a global array because of an invalid bounds check. The fix is designed to fix the bounds checks to prevent the buffer overflow Change-Id: I5711540046951991e70647614f9c75ca6ae6f759

commit: a242d2a37ee52365035ceeff0078528c8a55b051 [log] [tgz]
author: Teow Wan Yee <wy.teow@hi-p.com> Mon Sep 19 13:53:02 2016 +0800
committer: Jeron Susan <jeron.susan@hi-p.com> Fri Sep 23 09:40:52 2016 +0800
tree: df6912f11941c8c779e769a306c032eff1ab9432
parent: 43884a42fc4afda81f397e5dfd63741cab08882e [diff]
diff --git a/CORE/HDD/src/wlan_hdd_cfg.c b/CORE/HDD/src/wlan_hdd_cfg.c
index 735a914..6b03c49 100644
--- a/CORE/HDD/src/wlan_hdd_cfg.c
+++ b/CORE/HDD/src/wlan_hdd_cfg.c

@@ -3704,7 +3704,7 @@
       // ideally we want to return the config to the application
       // however the config is too big so we just printk() for now
 #ifdef RETURN_IN_BUFFER
-      if (curlen <= buflen)
+      if (curlen < buflen)
       {
          // copy string + '\0'
          memcpy(pCur, configStr, curlen+1);
commit	a242d2a37ee52365035ceeff0078528c8a55b051	[log] [tgz]
author	Teow Wan Yee <wy.teow@hi-p.com>	Mon Sep 19 13:53:02 2016 +0800
committer	Jeron Susan <jeron.susan@hi-p.com>	Fri Sep 23 09:40:52 2016 +0800
tree	df6912f11941c8c779e769a306c032eff1ab9432
parent	43884a42fc4afda81f397e5dfd63741cab08882e [diff]