wlan: Address kernel panic due to over parsing of ini file
During driver load the ini file is parsed until END string
pattern is reached. There are chances of accessing the invalid
address if newline, carriage return characters are appended
which results in kernel panic.
This commit avoids over parsing of ini file by passing size of
the ini file to get_next_line function.
Change-Id: I136b43fcc63560b9236c5a6c5e5de958927b2900
CRs-Fixed: 763962
diff --git a/CORE/HDD/src/wlan_hdd_cfg.c b/CORE/HDD/src/wlan_hdd_cfg.c
index 6527b10..f53e85e 100644
--- a/CORE/HDD/src/wlan_hdd_cfg.c
+++ b/CORE/HDD/src/wlan_hdd_cfg.c
@@ -3219,7 +3219,7 @@
* Function returns NULL if no new line character was found before end of
* string was reached
*/
-static char* get_next_line(char* str)
+static char* get_next_line(char* str, char *str_end)
{
char c;
@@ -3230,6 +3230,10 @@
c = *str;
while(c != '\n' && c != '\0' && c != 0xd) {
str = str + 1;
+ if (str > str_end)
+ {
+ return str;
+ }
c = *str;
}
@@ -3362,7 +3366,7 @@
* So validating if the return pointer is not greater than the end
* buffer address and modifying the buffer value.
*/
- line = get_next_line(buffer);
+ line = get_next_line(buffer, (pTemp + (fw->size-1)));
if(line > (pTemp + fw->size)) {
hddLog(VOS_TRACE_LEVEL_FATAL, "%s: INI file seems to be corrupted",
__func__);