| commit | 011904f038362be7fbc78984b2dce76c17516f4b | [log] [tgz] |
|---|---|---|
| author | Yeshwanth Sriram Guntuka <ysriramg@codeaurora.org> | Fri Apr 20 14:36:30 2018 +0530 |
| committer | nshrivas <nshrivas@codeaurora.org> | Wed May 16 10:26:06 2018 -0700 |
| tree | 2b7f200128b7c511b6fd6fe94a58c85dd0d1263b | |
| parent | e4a51146871b83b2a46dfa75a975b4e5a2d6f357 [diff] |
qcacld-3.0: Possible buffer overflow in wma_nan_rsp_event_handler Check for nan rsp data len does not take TLV header size into account which could lead to buffer overflow when copying data where TLV header size is taken into account. Fix is to subtract TLV header size and wmi_nan_event_hdr size from max allowed size when validating nan rsp data length. Change-Id: I341779a33ed218fdda5d008e949ced0c8cf05590 CRs-Fixed: 2227248