DroidSec: Input not checked in function wlan_ftm_priv_set_mac_address
Input string buf is unvalidated user input passed in from
iw_ftm_setchar_getnone, a private ftm sub-ioctl function.
The string was copied from user space by the IOCTL dispatcher,
but its contents were not previously validated. buf is parsed
by sscanf to get a MAC address but the return value from sscanf
is not checked to verify that a properly formatted string was input.
The unvalidated parsed values are then sent to the WLAN module.
Change-Id: Ia9b10c3d30a05eeb69e5496bebf4a1e899f167a8
CRs-fixed: 553483
1 file changed