Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / 96e0e702ec38f7d308cef8ae40cc73ecb96b775b
commit96e0e702ec38f7d308cef8ae40cc73ecb96b775b[log] [tgz]
authorVignesh Viswanathan <viswanat@codeaurora.org>Tue Dec 05 19:42:46 2017 +0530
committersnandini <snandini@codeaurora.org>Tue Dec 12 21:27:28 2017 -0800
treed428e3f89c369589acd7913380485759655760c6
parent3b0c91e96e5e4e29b7ddb8b0c1a21b3e97464a70 [diff]
qcacld-3.0: Fix potential buffer overflow in wlan_hdd_cfg80211_set_ie

In function wlan_hdd_cfg80211_set_ie, RSN IE is parsed and copied
into the buffer  for length eLen + 2.
However, the buffer WPARSNIE is allocated only for
size. If eLen + 2 is greater than MAX_WPA_RSN_IE_LEN, a buffer overflow
would occur.

Add sanity check to make sure eLen does not exceed MAX_WPA_RSN_IE_LEN - 2.
Also increase the size of  to 255 as per the spec

Change-Id: Ibf44e8dc1010e6e32b2262357d3aa180926d5c99
CRs-Fixed: 2154216
2 files changed
tree: d428e3f89c369589acd7913380485759655760c6
  1. components/
  2. core/
  3. uapi/
  4. Android.mk
  5. Kbuild
  6. Kconfig
  7. Makefile
  8. README.txt