DroidSec:Unsafe access to user space memory from kernel
function iw_ftm_setchar_getnone in wlan_hdd_ftm.c
improperly use wrqu->data.pointer to access user space memory:
1.data.pointer dereferenced as string in VOS_TRACE
2.passes data.pointer into wlan_ftm_priv_set_mac_address() referenced
as a string containing MAC address
3.passes data.pointer into wlan_ftm_priv_set_txrate() compared to
rateName_rateIndex_tbl[ii].rate_str (read from user space)
Change-Id: I07ae60dbe154212afe0b087f2c3a060f581baedc
CRs-fixed: 561019
1 file changed