Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

qcacld-3.0: Fix buffer overflow in hdd_hard_start_xmit

Check STAID value returned by hdd_get_transmit_sta_id against MAX_STA,
before accessing array based on STAID index.

Change-Id: I4ac88e3d95f425ddc3a8690ef5333e0a4e67d328
CRs-Fixed: 1050083
Naveen Rawat 8 years ago
parent
d17105a98b
commit
209d09342f
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      core/hdd/src/wlan_hdd_tx_rx.c

+ 1 - 1
core/hdd/src/wlan_hdd_tx_rx.c
View File 

@@ -390,7 +390,7 @@ int hdd_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
 
 	STAId = HDD_WLAN_INVALID_STA_ID;
 
 
 	hdd_get_transmit_sta_id(pAdapter, pDestMacAddress, &STAId);
 
-	if (STAId == HDD_WLAN_INVALID_STA_ID) {
 
+	if (STAId >= WLAN_MAX_STA_COUNT) {
 
 		hddLog(LOGE, "Invalid station id, transmit operation suspended");
 
 		goto drop_pkt;
 
 	}