qcacmn: Fix buffer overflow when radiotap header is larger than available headroom
The condition which detects if the length of the radiotap header is greater than the available headroom in the skb is incorrect. Correction to check if sufficient headroom is available for updating the radiotap header. Change-Id: I71c140c6af415678efe66cff2f16b8cabc62697a CRs-Fixed: 2047909
这个提交包含在:
@@ -2748,7 +2748,7 @@ unsigned int qdf_nbuf_update_radiotap(struct mon_rx_status *rx_status,
|
||||
}
|
||||
rthdr->it_len = cpu_to_le16(rtap_len);
|
||||
|
||||
if ((headroom_sz - rtap_len) < 0) {
|
||||
if (headroom_sz < rtap_len) {
|
||||
qdf_print("ERROR: not enough space to update radiotap\n");
|
||||
return 0;
|
||||
}
|
||||
|
在新工单中引用
屏蔽一个用户