qcacld-3.0: Fix OOB read in hdd_populate_wifi_signal_info

While handling ll stats information there is a possibility
of OOB read in hdd_populate_wifi_signal_info api as
FW is giving num_chan info as uint_32 and host has
saved into int_32 type variable which may lead to an
extremely large positive number which is getting used as
index of for loop to populate signal info in skp which may
lead to OOB read.

Change-Id: I032eb465db30ee9e3a7ba0c4f017ed781264c47d
CRs-fixed: 2383605
Ashish Kumar Dhanotiya 6 years ago
commit 5d2f25a1c4
1 changed files with 3 additions and 3 deletions

+ 3 - 3
core/mac/inc/sir_api.h

@@ -3909,9 +3909,9 @@ struct sir_wifi_peer_signal_stats {
 	/* Background noise */
 	int32_t nf[WIFI_MAX_CHAINS];
 
-	int32_t per_ant_rx_mpdus[WIFI_MAX_CHAINS];
-	int32_t per_ant_tx_mpdus[WIFI_MAX_CHAINS];
-	int32_t num_chain;
+	uint32_t per_ant_rx_mpdus[WIFI_MAX_CHAINS];
+	uint32_t per_ant_tx_mpdus[WIFI_MAX_CHAINS];
+	uint32_t num_chain;
 };
 
 #define WIFI_VDEV_NUM           4
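
Review bot: Making num_chain a uint32_t at the end of struct sir_wifi_peer_signal_stats does not bound it. The arrays in this struct (nf[], per_ant_rx_mpdus[], per_ant_tx_mpdus[]) are all sized WIFI_MAX_CHAINS, so any firmware-supplied num_chain above WIFI_MAX_CHAINS still walks the loop in hdd_populate_wifi_signal_info past the end of them. The type change only removes the negative interpretation. Please add an explicit range check against WIFI_MAX_CHAINS where the firmware value is copied into this struct, or before the loop that consumes it, and reject or clamp out-of-range values; no such check is visible in this change. It would also help to add a comment on num_chain stating that valid values are 0..WIFI_MAX_CHAINS, and to confirm that existing users compare it against an unsigned loop index so the signedness change does not introduce mixed signed/unsigned comparisons.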