Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / cf88e3afefd238b63453f3a2890fc8df4ed6203f
commitcf88e3afefd238b63453f3a2890fc8df4ed6203f[log] [tgz]
authorRajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>Tue May 29 16:17:43 2018 +0530
committernshrivas <nshrivas@codeaurora.org>Thu Jun 14 02:56:10 2018 -0700
tree33bce74ec73f83090b195c1c6cfd7ff6a7c9bd5a
parent85561670546abaea3eb226cff4a86fa566c78af3 [diff]
qcacld-3.0: Avoid buffer over-read in vendor scan

While processing QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN,
scan randomization attributes: SCAN_MAC and SCAN_MAC_MASK are not
validated using nla_policy for a minimum length check of
MAC_ADDR_SIZE (6 bytes) which can result in buffer over-read.

To address this, add nla_policy for randomization attributes.

Change-Id: I872e221b951809ca1e5c60b867be52b9fa738ddd
CRs-Fixed: 2232745
1 file changed
tree: 33bce74ec73f83090b195c1c6cfd7ff6a7c9bd5a
  1. components/
  2. configs/
  3. core/
  4. uapi/
  5. Android.mk
  6. Kbuild
  7. Kconfig
  8. Makefile
  9. README.txt