7068d82e1e9fedcccdef19b64227bfb07663dc52 - platform/hardware/qcom/wlan

commit	7068d82e1e9fedcccdef19b64227bfb07663dc52	[log] [tgz]
author	Mohammad Asaad Akram <asadkrm@codeaurora.org>	Tue Dec 29 11:46:32 2020 +0530
committer	Mohammad Asaad Akram <asadkrm@codeaurora.org>	Wed Feb 03 08:09:59 2021 +0530
tree	1606a621b68c14f703959828320bf33799cfc4c9
parent	907f50448985fb19c517b2e6cd36e18e1be5802c [diff]

wifihal: Fix possible buffer-overflow during TLV read

The function NANTLV_ReadTlv currently doesn't checks if the
amount of bytes in the TLV buffer is bigger than what is
encoded within the TLVs.

This commit adds checks for the availability of the buffer
before reading the incoming TLVs.

Change-Id: I0336ebbdcdc5db949ee275e22895ec83cdcafcc8
CRs-Fixed: 2836493

qcwcn/wifi_hal/nan.cpp[diff]
qcwcn/wifi_hal/nan_i.h[diff]
qcwcn/wifi_hal/nan_ind.cpp[diff]
qcwcn/wifi_hal/nan_rsp.cpp[diff]

4 files changed

tree: 1606a621b68c14f703959828320bf33799cfc4c9

cld80211-lib/
qcwcn/
wcnss-service/
Android.mk