Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / 45caf636229bcaf5af57e8afc2b092af02247924
commit45caf636229bcaf5af57e8afc2b092af02247924[log] [tgz]
authorJeff Johnson <jjohnson@codeaurora.org>Tue Jun 06 16:38:04 2017 -0700
committersnandini <snandini@codeaurora.org>Tue Jun 13 23:30:59 2017 -0700
treec13902cae8ede27afe2c27eeea27706f62a1e81d
parentf68a0591e3c09ed71a705aa140f025d8d7c9f817 [diff]
qcacld-3.0: Validate vendor scan command

Currently in __wlan_hdd_cfg80211_vendor_scan() there are several
attributes which are not properly validated, and this can lead to a
buffer overread. In order to avoid these issues:
1) Define an appropriate nla_policy and specify this policy when
   invoking nla_parse().
2) Explicitly validate the size of the attributes nested in the
   QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES attribute.

Change-Id: I1e0d9ecf87839031fbbca9616e4bae0b0c127404
CRs-Fixed: 2054773
1 file changed
tree: c13902cae8ede27afe2c27eeea27706f62a1e81d
  1. core/
  2. uapi/
  3. Android.mk
  4. Kbuild
  5. Kconfig
  6. Makefile
  7. README.txt