Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / 9ac358963336b850692de0534f0a44910ce4fafe
commit9ac358963336b850692de0534f0a44910ce4fafe[log] [tgz]
authorNishank Aggarwal <naggar@codeaurora.org>Mon Jan 30 15:32:32 2017 +0530
committerqcabuildsw <qcabuildsw@localhost>Tue Jan 31 00:13:38 2017 -0800
tree47cccb832aadbe93a26f70051c8e761885f218c3
parentd642bbf1e6f09bce33b8f18e1d690ed7a3f6297b [diff]
qcacld-3.0: Fix buffer overflow in WLANSAP_Set_WPARSNIes()

qcacld-2.0 to qcacld-3.0 propagation

Currently In WLANSAP_Set_WPARSNIes() the parameter WPARSNIEsLen
is user-controllable and never validates which uses as the length
for a memory copy. This enables user-space applications to corrupt
heap memory and potentially crash the kernel.

Fix is to validate the WPARSNIes length to its max before use as the
length for a memory copy.

Change-Id: I7aff731aeae22bfd84beb955439a799abef37f68
CRs-Fixed: 1102648
1 file changed
tree: 47cccb832aadbe93a26f70051c8e761885f218c3
  1. core/
  2. uapi/
  3. Android.mk
  4. Kbuild
  5. Kconfig
  6. Makefile
  7. README.txt