qcacld-3.0: Fix possible buffer overread in wma_set_epno_network_list

In the function wma_set_epno_network_list, req->networks[i].ssid.ssId is copied into the destination params->networks[i].ssid.mac_ssid. But the ssid length is not considered while copying and WMI_MAC_MAX_SSID_LENGTH is used as the length for copying. This might result in possible buffer overread if the ssid length is not WMI_MAC_MAX_SSID_LENGTH. Similar issue is seen in wma_pno_start also. Use pno->aNetworks[i].ssId.length as the size to mem copy the ssid to the destination ssid buffer. Change-Id: Id3f579da97e398663b7d583f5f46d4671eabeae3 CRs-Fixed: 2233682
2018-05-04 19:16:00 +05:30
--- a/core/wma/src/wma_scan_roam.c
+++ b/core/wma/src/wma_scan_roam.c
@@ -5166,7 +5166,7 @@ QDF_STATUS wma_set_epno_network_list(tp_wma_handle wma,
 					req->networks[i].ssid.length;
 			qdf_mem_copy(params->networks[i].ssid.mac_ssid,
 					req->networks[i].ssid.ssId,
-					WMI_MAC_MAX_SSID_LENGTH);
+					req->networks[i].ssid.length);
 		}
 	}