0b1da04c883406f01a20933cdbf7330d342bb58f - platform/vendor/qcom-opensource/wlan/qcacld-3.0

commit	0b1da04c883406f01a20933cdbf7330d342bb58f	[log] [tgz]
author	Abhinav Kumar <abhikuma@codeaurora.org>	Mon Sep 17 18:07:27 2018 +0530
committer	nshrivas <nshrivas@codeaurora.org>	Thu Oct 11 14:02:06 2018 -0700
tree	8ecb61713342b0b9f1c66550fd75b0bd6d2fa146
parent	f7e1fe1799c0c9b8a2b4c0ceef795aba7ab5cf4e [diff]

qcacld-3.0: Fix possible OOB read in proc_dnld_rsp

In proc_dnld_rsp, pHdr->sBufSize is coming from fw message
which could not be trusted. Before its use it should proc_dnld_rsp
should verify it against its max allowed size (UINT_MAX).

Fix is to add a sanity check for pHdr->sBufSize against UINT_MAX
before its use.

Change-Id: I6ec970483af860d5e42d6adac640274743f44f1a
CRs-Fixed: 2308333

core/mac/src/cfg/cfg_proc_msg.c[diff]

1 file changed

tree: 8ecb61713342b0b9f1c66550fd75b0bd6d2fa146

components/
configs/
core/
uapi/
Android.mk
Kbuild
Kconfig
Makefile
README.txt