qcacmn: Fix possible OOB read in extract_reg_cap_service_ready_ext_tlv
An OOB read can occur while handling the WMI_SERVICE_READY_EXT_EVENTID event when a large, invalid num_phy is received in that event, because this value is used as an index into an array. Change-Id: I0e80d04d19160e219028b07599a8b9953a798fb2 CRs-Fixed: 2374726
@@ -9337,6 +9337,9 @@ static QDF_STATUS extract_reg_cap_service_ready_ext_tlv(
|
||||
if (!reg_caps)
|
||||
return QDF_STATUS_E_INVAL;
|
||||
|
||||
if (reg_caps->num_phy > param_buf->num_hal_reg_caps)
|
||||
return QDF_STATUS_E_INVAL;
|
||||
|
||||
if (phy_idx >= reg_caps->num_phy)
|
||||
return QDF_STATUS_E_INVAL;
|
||||
|
||||
|
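Review bot: The added guard `if (reg_caps->num_phy > param_buf->num_hal_reg_caps)` carries no comment explaining why it is needed, and since it sits right above the existing `phy_idx >= reg_caps->num_phy` check it could easily be mistaken for a redundant test and dropped later. A one-line comment above it would record the intent, for example `/* num_phy comes from the firmware event; reject it if it exceeds the number of TLV entries actually received */`. Both rejections also return QDF_STATUS_E_INVAL silently; logging the received num_phy and num_hal_reg_caps before returning would make a malformed event visible when triaging. The array access that phy_idx feeds is outside this hunk, so the assumption that it indexes the array counted by num_hal_reg_caps should be confirmed against the rest of the function, which starts and ends outside the hunk.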