Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / f56c81fab258a68d1af87f243225d4acb44ea9c2
commitf56c81fab258a68d1af87f243225d4acb44ea9c2[log] [tgz]
authorAbhinav Kumar <abhikuma@codeaurora.org>Wed Jun 06 16:07:01 2018 +0530
committernshrivas <nshrivas@codeaurora.org>Tue Jun 19 00:27:46 2018 -0700
tree5f2c1a881fbe693dad5fe02b159d07210c6637c8
parent052ce25534123e0b275f0df123bdc8aa7c783641 [diff]
qcacld-3.0: Fix possible OOB read in wlan_hdd_cfg80211_set_ie

In case of WLAN_EID_WAPI, Host assuming that the incoming ie buffer
is at least of length (4 + 2 + akmsuiteCount * sizeof(uint32_t))
long and is not checked anywhere before accessing. Results possible
OOB read issue could occur.

Fix is to add a check for incoming buffer IEs.

Change-Id: Ia60cf8c56478b47e5f2f654f0cf77fe6bd5706e4
CRs-Fixed: 2252250
1 file changed
tree: 5f2c1a881fbe693dad5fe02b159d07210c6637c8
  1. components/
  2. configs/
  3. core/
  4. uapi/
  5. Android.mk
  6. Kbuild
  7. Kconfig
  8. Makefile
  9. README.txt