Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / vendor / qcom-opensource / wlan / prima / 7d6a1b5503b61571bde18cd0b6d1a238472ce56c
commit7d6a1b5503b61571bde18cd0b6d1a238472ce56c[log] [tgz]
authorNishank Aggarwal <naggar@codeaurora.org>Tue Mar 14 15:02:24 2017 +0800
committerJeron Susan <jeron.susan@hi-p.com>Tue Mar 14 15:02:31 2017 +0800
tree480ea81ac7c72229a9f8dcffecfb537fbeb1079c
parentb049eaf182388273263ed33c1ea589a32461d133 [diff]
FPII-2976 :Elevation of privilege vulnerability in Qualcomm Wi-Fi driver CVE-2017-6424 A-32086742 QC-CR#1102648

qcacld-2.0: Fix buffer overflow in WLANSAP_Set_WPARSNIes()
Currently In WLANSAP_Set_WPARSNIes() the parameter WPARSNIEsLen
is user-controllable and never validates which uses as the length
for a memory copy. This enables user-space applications to corrupt
heap memory and potentially crash the kernel.

Fix is to validate the WPARSNIes length to its max before use as the
length for a memory copy.

Change-Id: I7aff731aeae22bfd84beb955439a799abef37f68
CRs-Fixed: 1102648

Change-Id: I096ef5f34784f88697dbe39e8ac7a163abe6b7a3
1 file changed
tree: 480ea81ac7c72229a9f8dcffecfb537fbeb1079c
  1. CORE/
  2. firmware_bin/
  3. riva/
  4. Android.mk
  5. Kbuild
  6. Kconfig
  7. Makefile