Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / c42ed5caf56b34b70b97358da51f13d3b526848e
commitc42ed5caf56b34b70b97358da51f13d3b526848e[log] [tgz]
authorJeff Johnson <jjohnson@codeaurora.org>Wed Jun 07 06:41:37 2017 -0700
committersnandini <snandini@codeaurora.org>Tue Jun 13 23:31:01 2017 -0700
tree02854048d48a3045ea00ab7b3ee3622041e4130a
parent45caf636229bcaf5af57e8afc2b092af02247924 [diff]
qcacld-3.0: Validate vendor abort scan command

In __wlan_hdd_vendor_abort_scan(), nla_parse() is invoked without
specifying a policy. This can result in a buffer overread when
processing the QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE attribute. To avoid
this issue use the existing "scan_policy" when invoking nla_parse().

Change-Id: Ia3e5cb7535bf0f700399e4a49c9c5da362a3ccf6
CRs-Fixed: 2054775
1 file changed
tree: 02854048d48a3045ea00ab7b3ee3622041e4130a
  1. core/
  2. uapi/
  3. Android.mk
  4. Kbuild
  5. Kconfig
  6. Makefile
  7. README.txt