prima: Validate pkt buffer size In function parse_Bufferforpkt, pkt data index is not validated. This may lead to a buffer overflow if the incoming buffer is too large. Validate packet buffer length with the total allowed pkt buffer size. Change-Id: I9b9ffa592cbe3a0d87af3cbbef3608bc59e01cfc CRs-Fixed: 1092599

commit: 5830f146399ac9bc827abb811bd06920a8ff1506 [log] [tgz]
author: Manjeet Singh <c_manjee@qti.qualcomm.com> Mon Nov 21 18:21:17 2016 +0530
committer: Anjaneedevi Kapparapu <akappa@codeaurora.org> Tue Nov 29 15:58:55 2016 +0530
tree: a3a516036bfabe4ecd9ff8ee6cd595df7c35ba5e
parent: 6354476ebd85be798d7e4083fe9f2dbfe9c9306a [diff] [blame]
diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index e4249e3..1be6e67 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c

@@ -4024,6 +4024,9 @@
     length += getByte(&temp) << 8;
     hddLog(VOS_TRACE_LEVEL_INFO,"Payload length : %d", length);
 
+    if (length >= WLAN_DISA_MAX_PAYLOAD_SIZE)
+        length = WLAN_DISA_MAX_PAYLOAD_SIZE;
+
     pkt->data.length = length;
 
     for (i = 0; i< length; i++) {
commit	5830f146399ac9bc827abb811bd06920a8ff1506	[log] [tgz]
author	Manjeet Singh <c_manjee@qti.qualcomm.com>	Mon Nov 21 18:21:17 2016 +0530
committer	Anjaneedevi Kapparapu <akappa@codeaurora.org>	Tue Nov 29 15:58:55 2016 +0530
tree	a3a516036bfabe4ecd9ff8ee6cd595df7c35ba5e
parent	6354476ebd85be798d7e4083fe9f2dbfe9c9306a [diff] [blame]