f71b48e5051f8551536221ae9c9b8335a0ec436b - platform/vendor/qcom-opensource/wlan/qcacld-3.0

commit	f71b48e5051f8551536221ae9c9b8335a0ec436b	[log] [tgz]
author	Yeshwanth Sriram Guntuka <ysriramg@codeaurora.org>	Fri Apr 20 15:18:08 2018 +0530
committer	nshrivas <nshrivas@codeaurora.org>	Tue May 15 03:21:26 2018 -0700
tree	399452c0ae238b60e201d47e52a7a1ea3a83600c
parent	33942c4344279b1f762aa7fec19a983133c51346 [diff]

qcacld-3.0: Possible buffer overflow in wma_stats_ext_event_handler

Check for stats ext info data len does not take TLV header
size into account which could lead to buffer overflow
when copying data where TLV header size is taken into
account.

Fix is to subtract TLV header size and stats_ext_info
size from max allowed size when validating stats ext
info data length.

Change-Id: I34e35a0aab396af3d93a0f61e0ab6a2da09f22ab
CRs-Fixed: 2227263

core/wma/src/wma_utils.c[diff]

1 file changed

tree: 399452c0ae238b60e201d47e52a7a1ea3a83600c

components/
core/
uapi/
Android.mk
Kbuild
Kconfig
Makefile
README.txt