Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / df0571af31dfb7e36145223e0b079b4f1e1468f0
commitdf0571af31dfb7e36145223e0b079b4f1e1468f0[log] [tgz]
authorVignesh Viswanathan <viswanat@codeaurora.org>Tue Nov 28 17:39:08 2017 +0530
committersnandini <snandini@codeaurora.org>Wed Nov 29 09:26:18 2017 -0800
treee1ea573b3690f06a6c6d974a6b73172ccbd30480
parentad7eded05e6aaae89864c5aa3d25055c42f41d02 [diff]
qcacld-3.0: Fix buffer overwrite due to ssid_len in WMA handlers

In multiple WMA event handler functions, ssid_len is used to copy
ssid from FW buffer to local buffer and ssid_len value is received
from the FW. If the ssid_len value exceeds SIR_MAC_MAX_SSID_LENGTH
then a buffer overwrite would occur.

Add sanity check for ssid_len against SIR_MAC_MAX_SSID_LENGTH in
multiple WMA handler functions

Change-Id: I9e4b1f88c275093b4912496cdb936cf54a8880a2
CRs-Fixed: 2149531
1 file changed
tree: e1ea573b3690f06a6c6d974a6b73172ccbd30480
  1. components/
  2. core/
  3. uapi/
  4. Android.mk
  5. Kbuild
  6. Kconfig
  7. Makefile
  8. README.txt