wlan: OOB access may occur due to total numChannels exceeds max value

Out of Buffer access may occur in wmi_get_buf_extscan_start_cmd()
function if user provided inputs are different for below parameters
which are assigned in hdd_extscan_start_fill_bucket_channel_spec()
function:

1. QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_NUM_CHANNEL_SPECS
2. QCA_WLAN_VENDOR_ATTR_EXTSCAN_CHANNEL_SPEC

To address this issue return failure status if numChannels is not
equal to the total number of channel entries.

Change-Id: I60d74161dc3752bd7f609af3910d7c86a99488ec
CRs-Fixed: 2349232
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index d70b5e3..62ac453 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -5081,6 +5081,11 @@
j++;
}
+ if (j != pReqMsg->buckets[bktIndex].numChannels) {
+ hddLog(LOG1, FL("Input parameters didn't match"));
+ return -EINVAL;
+ }
+
bktIndex++;
}
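Review bot: the new `if (j != pReqMsg->buckets[bktIndex].numChannels)` test only runs after the loop that does `j++` has finished, so it stops a mismatched count from reaching the later consumer but does nothing to bound `j` while the channel entries are being filled in. The hunk does not show an upper limit on `j` or on `numChannels` itself, and the subject line talks about numChannels exceeding a max value, so please confirm that the loop above rejects an entry once `j` reaches the capacity of the bucket's channel array, or add that check before the write inside the loop. Equality alone still passes when both the attribute value and the number of nested entries are equally oversized. Two smaller points on the same lines: the message "Input parameters didn't match" would be more useful for triage if it printed both `j` and `numChannels`, and a rejected request from user space should be logged at an error level rather than `LOG1`. Also check that the early `return -EINVAL` leaves the caller responsible for freeing `pReqMsg`, since the hunk does not show who owns it on this path.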