commit 172a7c353b332e06fc0898b9790a9f9bb85c216d
author Anurag Chouhan <achouhan@codeaurora.org> Mon Sep 12 14:54:15 2016 +0530
committer qcabuildsw <qcabuildsw@localhost> Fri Sep 16 00:25:14 2016 -0700
tree a00187f227ad6cdbdf0ab68ea18f0af5cf47e5f8
parent 2c4e0a1b733bd97695dd341a921ac135c845ff05

qcacld-3.0: Add check to Validate SSID length

qcacld-2.0 to qcacld-3.0 propagation.

Validate ssid length before accessing the ssid
if the length exceeds max ssid length then return.

Change-Id: I6902a8a3edf6547cf30d37fe5e435ad4f226ac46
CRs-Fixed: 1059205

core/hdd/src/wlan_hdd_ext_scan.c

diff --git a/core/hdd/src/wlan_hdd_ext_scan.c b/core/hdd/src/wlan_hdd_ext_scan.c
index 147ace8..0a17268 100644
--- a/core/hdd/src/wlan_hdd_ext_scan.c
+++ b/core/hdd/src/wlan_hdd_ext_scan.c
@@ -4326,7 +4326,7 @@
 	struct hdd_ext_scan_context *context;
 	uint32_t request_id;
 	char ssid_string[SIR_MAC_MAX_SSID_LENGTH + 1];
-	int ssid_len, i, rem;
+	int ssid_len, i, rem, ssid_str_len;
 	QDF_STATUS status;
 	int retval;
 	unsigned long rc;
@@ -4408,9 +4408,13 @@
 			hdd_err("attr ssid failed");
 			goto fail;
 		}
-		nla_memcpy(ssid_string,
+		ssid_str_len = nla_strlcpy(ssid_string,
 			   tb2[PARAM_SSID],
 			   sizeof(ssid_string));
+		if (ssid_str_len > SIR_MAC_MAX_SSID_LENGTH) {
+			hdd_err("Invalid length exceeds max ssid length");
+			goto fail;
+		}
 		hdd_notice("SSID %s",
 		       ssid_string);
 		ssid_len = strlen(ssid_string);