0eb2d5b02cbc425df9d27a5b73ebf191c0b34ae9 - platform/vendor/qcom-opensource/wlan/prima

commit	0eb2d5b02cbc425df9d27a5b73ebf191c0b34ae9	[log] [tgz]
author	Wilson Yang <c_yangw@qca.qualcomm.com>	Thu Oct 17 12:55:31 2013 -0700
committer	Kiet Lam <c_kietl@qca.qualcomm.com>	Fri Nov 08 15:57:20 2013 -0800
tree	a78cb71a9513a3fc324e2bb9b317257588ea5415
parent	770920c17f5ff44cc735b5eae364c1f2839c07c9 [diff]

DroidSec:Unsafe access to user space memory from kernel

function iw_ftm_setchar_getnone in wlan_hdd_ftm.c
improperly use wrqu->data.pointer to access user space memory:
1.data.pointer dereferenced as string in VOS_TRACE
2.passes data.pointer into wlan_ftm_priv_set_mac_address() referenced
  as a string containing MAC address
3.passes data.pointer into wlan_ftm_priv_set_txrate() compared to
  rateName_rateIndex_tbl[ii].rate_str (read from user space)

Change-Id: I07ae60dbe154212afe0b087f2c3a060f581baedc
CRs-fixed: 561019

CORE/HDD/src/wlan_hdd_ftm.c[diff]

1 file changed

tree: a78cb71a9513a3fc324e2bb9b317257588ea5415

CORE/
firmware_bin/
riva/
Android.mk
Kbuild
Kconfig