00b95b156979eebeed7440783b7aebbec73effe1 - platform/vendor/qcom-opensource/wlan/qcacld-3.0

commit	00b95b156979eebeed7440783b7aebbec73effe1	[log] [tgz]
author	Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>	Mon Jun 17 14:50:10 2019 +0530
committer	nshrivas <nshrivas@codeaurora.org>	Tue Jun 18 06:29:17 2019 -0700
tree	e384da7acceefd548f74e999f016d6ed8ff632dd
parent	f609871199b07176c395d0509311b323824cad30 [diff]

qcacld-3.0: Avoid info leak in spectral scan handler

In __spectral_scan_msg_handler(), payload section of input data is
type casted to driver internal structure spectral_scan_msg without
validating payload length which can lead to kernel info leak
if the payload length is less than size of spectral_scan_msg.

To fix this, avoid type-cast and return error if payload length is
less than size of spectral_scan_msg.

Change-Id: Ie7e74cc2cdcf8136582e81ffc3a088fd5a881dc9
CRs-Fixed: 2468493

core/hdd/src/wlan_hdd_spectralscan.c[diff]

1 file changed

tree: e384da7acceefd548f74e999f016d6ed8ff632dd

components/
configs/
core/
os_if/
uapi/
Android.mk
Kbuild
Kconfig
Makefile
README.txt