46ba20c1a416d47d975cb96f6a7fef273bcbc63b - platform/vendor/qcom-opensource/wlan/qcacld-3.0

commit	46ba20c1a416d47d975cb96f6a7fef273bcbc63b	[log] [tgz]
author	Varun Reddy Yeturu <varunreddy.yeturu@codeaurora.org>	Thu Aug 17 15:03:27 2017 -0700
committer	Anjaneedevi Kapparapu <akappara@codeaurora.org>	Wed Aug 30 10:42:15 2017 -0700
tree	2d3e8e314be5a7831db1f8e6bc4931ee387f0336
parent	03f2cc3fe007e9eb7780a91b45014e4848e8162e [diff]

qcacld-3.0: Add sanity check to avoid len overflow issue in WMI event data

In WMI/WMA, data from event buffer from FW is used without
sanity checks for upper limit in multiple places. This might
lead to a potential integer overflow further leading to buffer
corruption

Add upper bound checks for max limit of event buffer (1536)
in all affected places to prevent the potential integer
overflow

Change-Id: I30826bb69939bcf02ac850bd2d22ada4795b3c98
CRs-Fixed: 2091584

core/wma/src/wma_features.c[diff]
core/wma/src/wma_ocb.c[diff]
core/wma/src/wma_scan_roam.c[diff]
core/wma/src/wma_utils.c[diff]

4 files changed

tree: 2d3e8e314be5a7831db1f8e6bc4931ee387f0336

components/
core/
uapi/
Android.mk
Kbuild
Kconfig
Makefile
README.txt