Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qca-wifi-host-cmn / ab6c10d3bdba099b456886aa44ceb0ebdaebb799
commitab6c10d3bdba099b456886aa44ceb0ebdaebb799[log] [tgz]
authorHarprit Chhabada <harpritchhabada@codeaurora.org>Wed Oct 31 10:52:34 2018 -0700
committernshrivas <nshrivas@codeaurora.org>Tue Nov 06 16:16:11 2018 -0800
treeade93562e9ddab4c46ac1f7735cc02b4fff6c7f5
parentdc949c59bea39fc3042944b112afbe192a48f2ba [diff]
qcacmn: Fix OOB read in util_scan_gen_scan_entry

qdf_mem_copy() is called in util_scan_gen_scan_entry() to copy the ssid
into scan_entry using a length of WLAN_SSID_MAX_LEN. Because the length
of ssid is only checked against the maximum value this will result
in an OOB read of up to WLAN_SSID_MAX_LEN bytes.

Change-Id: I150e7c7a75e7134cab1c4abeb799578166400461
CRs-Fixed: 2341004
1 file changed
tree: ade93562e9ddab4c46ac1f7735cc02b4fff6c7f5
  1. cfg/
  2. dp/
  3. ftm/
  4. global_lmac_if/
  5. hal/
  6. hif/
  7. htc/
  8. init_deinit/
  9. os_if/
  10. qal/
  11. qdf/
  12. scheduler/
  13. spectral/
  14. target_if/
  15. umac/
  16. utils/
  17. wbuff/
  18. wlan_cfg/
  19. wmi/
  20. README.txt
  21. VERSION.txt