012e7b7836e939f4aedfeb4a77c4f8f7b7b2499a - platform/vendor/qcom-opensource/wlan/qcacld-3.0

commit	012e7b7836e939f4aedfeb4a77c4f8f7b7b2499a	[log] [tgz]
author	Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>	Thu Mar 14 21:54:43 2019 +0530
committer	nshrivas <nshrivas@codeaurora.org>	Tue Mar 19 13:03:12 2019 -0700
tree	a541e7c6dfc56194303442f0b71a21b18ddee459
parent	51f3f90a1ca9ae22e431985e9311fb7195e964f8 [diff]

qcacld-3.0: Avoid out of bounds access in testmode_cmd

While processing cfg80211 callback testmode_cmd(), size of vendor
attribute TM_ATTR_DATA is not validated against the maximum length
but type casted to the internally defined structure pmo_lphb_req.
This can lead to out of bounds access if the size of attr is less than
size of pmo_lphb_req.

To address this, validate size of TM_ATTR_DATA.

Change-Id: I83b18d0935ebc6139644c02a9e51ef25a12b9176
CRs-Fixed: 2411653

core/hdd/src/wlan_hdd_cfg80211.c[diff]

1 file changed

tree: a541e7c6dfc56194303442f0b71a21b18ddee459

components/
configs/
core/
os_if/
uapi/
Android.mk
Kbuild
Kconfig
Makefile
README.txt