qcacld-3.0: Possble OOB access in hdd_set_limit_off_chan_for_tos()
Currently, in __wlan_hdd_cfg80211_set_limit_offchan_param() function after
parsing the 'tos' value from incoming netlink buffer there is no check
against the max value of tos. This tos value is passsed as an argument
to hdd_set_limit_off_chan_for_tos() function where it is using as an array
index for 'limit_off_chan_tbl' variable which is limited to HDD_MAX_AC.
This may cause out of bound access.
Add check to ensure the parsed tos value is not greater than
or equals to its max value.
Change-Id: I661af1f9559d9bec627594d119423be97978ac2c
CRs-Fixed: 2222803
1 file changed