commit | 00b95b156979eebeed7440783b7aebbec73effe1 | [log] [tgz] |
---|---|---|
author | Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org> | Mon Jun 17 14:50:10 2019 +0530 |
committer | nshrivas <nshrivas@codeaurora.org> | Tue Jun 18 06:29:17 2019 -0700 |
tree | e384da7acceefd548f74e999f016d6ed8ff632dd | |
parent | f609871199b07176c395d0509311b323824cad30 [diff] |
qcacld-3.0: Avoid info leak in spectral scan handler In __spectral_scan_msg_handler(), payload section of input data is type casted to driver internal structure spectral_scan_msg without validating payload length which can lead to kernel info leak if the payload length is less than size of spectral_scan_msg. To fix this, avoid type-cast and return error if payload length is less than size of spectral_scan_msg. Change-Id: Ie7e74cc2cdcf8136582e81ffc3a088fd5a881dc9 CRs-Fixed: 2468493