FPII-2416 : Elevation of privilege vulnerability in Qualcomm Wi-Fi driver
CVE-2016-6676 A-30874066
There is a possibility of buffer overflow while processing GET_CFG IOCTLto retrieve ini parameters from a global array because of an invalid bounds check.
The fix is designed to fix the bounds checks to prevent the buffer overflow
Change-Id: I5711540046951991e70647614f9c75ca6ae6f759
diff --git a/CORE/HDD/src/wlan_hdd_cfg.c b/CORE/HDD/src/wlan_hdd_cfg.c
index 735a914..6b03c49 100644
--- a/CORE/HDD/src/wlan_hdd_cfg.c
+++ b/CORE/HDD/src/wlan_hdd_cfg.c
@@ -3704,7 +3704,7 @@
// ideally we want to return the config to the application
// however the config is too big so we just printk() for now
#ifdef RETURN_IN_BUFFER
- if (curlen <= buflen)
+ if (curlen < buflen)
{
// copy string + '\0'
memcpy(pCur, configStr, curlen+1);