Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / 4126db0a4773213b633b9f2b7f929aa7ca7da4a5
commit4126db0a4773213b633b9f2b7f929aa7ca7da4a5[log] [tgz]
authorVignesh Viswanathan <viswanat@codeaurora.org>Tue Sep 12 16:04:15 2017 +0530
committersnandini <snandini@codeaurora.org>Mon Sep 18 12:21:57 2017 -0700
treeeb84151b0ef9d4578658ab297e7a2ba257be18ec
parent4dc66a5b8b5a7adbfd1e0dc3ae5b22b87ed6d871 [diff]
qcacld-3.0: Fix out-of-bounds access in lim_process_action_vendor_specific

Currently in the function lim_process_action_vendor_specific, mem_cmp
is done on the received frame pointer without validating the frame_len
which could lead to out-of-bounds memory access if the frame_len is
not matching the size of action_hdr.

Add check to validate the frame_len with action_hdr size before doing
mem_cmp for the p2p oui.

Change-Id: I39329d1a9ef45614d3c617db11a7a7f5ec2aaaec
CRs-Fixed: 2101439
1 file changed
tree: eb84151b0ef9d4578658ab297e7a2ba257be18ec
  1. components/
  2. core/
  3. uapi/
  4. Android.mk
  5. Kbuild
  6. Kconfig
  7. Makefile
  8. README.txt