Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qca-wifi-host-cmn / f155c675e56f678b63279d6c04d98c5e32082f55
commitf155c675e56f678b63279d6c04d98c5e32082f55[log] [tgz]
authorJeff Johnson <jjohnson@codeaurora.org>Mon Jun 12 10:42:48 2017 -0700
committersnandini <snandini@codeaurora.org>Mon Jun 26 11:07:16 2017 -0700
tree601eaa25cd84b6de9a967f2cc4bd05ae847ada09
parent340c0d890365962966c493e01bb5436c5eb40518 [diff]
qcacmn: Validate vendor abort scan command

In wlan_vendor_abort_scan(), nla_parse() is invoked without specifying
a policy. This can result in a buffer overread when processing the
QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE attribute. To avoid this issue
introduce a "scan_policy" (replicated from qcacld-3.0) and use this
policy when invoking nla_parse().

Change-Id: Ia3e5cb7535bf0f700399e4a49c9c5da362a3ccf6
CRs-Fixed: 2059857
1 file changed
tree: 601eaa25cd84b6de9a967f2cc4bd05ae847ada09
  1. dp/
  2. global_lmac_if/
  3. hal/
  4. hif/
  5. htc/
  6. init_deinit/
  7. os_if/
  8. pld_stub/
  9. pmo/
  10. qdf/
  11. scheduler/
  12. target_if/
  13. umac/
  14. utils/
  15. wlan_cfg/
  16. wmi/
  17. README.txt
  18. VERSION.txt