commit | df0571af31dfb7e36145223e0b079b4f1e1468f0 | [log] [tgz] |
---|---|---|
author | Vignesh Viswanathan <viswanat@codeaurora.org> | Tue Nov 28 17:39:08 2017 +0530 |
committer | snandini <snandini@codeaurora.org> | Wed Nov 29 09:26:18 2017 -0800 |
tree | e1ea573b3690f06a6c6d974a6b73172ccbd30480 | |
parent | ad7eded05e6aaae89864c5aa3d25055c42f41d02 [diff] |
qcacld-3.0: Fix buffer overwrite due to ssid_len in WMA handlers In multiple WMA event handler functions, ssid_len is used to copy ssid from FW buffer to local buffer and ssid_len value is received from the FW. If the ssid_len value exceeds SIR_MAC_MAX_SSID_LENGTH then a buffer overwrite would occur. Add sanity check for ssid_len against SIR_MAC_MAX_SSID_LENGTH in multiple WMA handler functions Change-Id: I9e4b1f88c275093b4912496cdb936cf54a8880a2 CRs-Fixed: 2149531