From 7d3120478eb9eba1ae87b123296152c74d44c640 Mon Sep 17 00:00:00 2001
From: Kiran Kumar Lokere
Date: Wed, 19 Sep 2018 16:55:34 -0700
Subject: [PATCH] qcacmn: Fix the possible OOB access in channel avoid event

Fix the possible out of bound access while processing the channel avoid frequency event from FW.

Change-Id: Ib49df0ebd785944b7cbbfa5927613887dd35d9ff
CRs-Fixed: 2308629
---
 wmi_unified_tlv.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wmi_unified_tlv.c b/wmi_unified_tlv.c
index bcb976b706..8f9829613c 100644
--- a/wmi_unified_tlv.c
+++ b/wmi_unified_tlv.c
@@ -20915,6 +20915,10 @@ static QDF_STATUS extract_reg_ch_avoid_event_tlv(
 WMI_LOGE("Invalid channel avoid indication buffer");
 return QDF_STATUS_E_INVAL;
 }
+ if (param_buf->num_avd_freq_range < afr_fixed_param->num_freq_ranges) {
+ WMI_LOGE(FL("no.of freq ranges exceeded the limit"));
+ return QDF_STATUS_E_INVAL;
+ }
 num_freq_ranges = (afr_fixed_param->num_freq_ranges > CH_AVOID_MAX_RANGE) ? CH_AVOID_MAX_RANGE : afr_fixed_param->num_freq_ranges;
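Review bot: The new rejection path logs only `no.of freq ranges exceeded the limit`, without the two counts it just compared, so a dropped firmware event cannot be told apart from a host/firmware TLV mismatch during triage; I would log both, e.g. `WMI_LOGE("num_freq_ranges %u exceeds received TLV count %u", afr_fixed_param->num_freq_ranges, param_buf->num_avd_freq_range);` (the format specifiers assume both fields are 32-bit unsigned, which the hunk does not show). The message also wraps its text in `FL()` while the neighbouring `WMI_LOGE("Invalid channel avoid indication buffer")` does not, so one style should be picked for this function. A one-line comment above the check, such as `/* FW-supplied count must not exceed the number of range TLVs actually received */`, would record why the comparison has to come before the CH_AVOID_MAX_RANGE clamp. The body of extract_reg_ch_avoid_event_tlv continues outside the hunk, so whether the later code indexes only up to the clamped num_freq_ranges cannot be confirmed from here.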