samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Add SSID length boundary check while processing vendor scan request

Browse Source 
While extracting SSID from nl attributes, Currently there is
no boundary check for max and min length. Hence host causes
buffer overflow.

As a part of this fix, Add ssid array boundary check to avoid
buffer overflow.

CRs-Fixed: 1069298
Change-Id: I395be358f7bf3f23bb9453d1ed6c3dc9025f4aab
This commit is contained in:
SaidiReddy Yenuga
2016-09-21 13:44:35 +05:30
committed by Prakash Dhavali
parent bc17724e7a
commit 89c58d2137
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/hdd/src/wlan_hdd_scan.c
View File

@@ -2012,6 +2012,12 @@ static int __wlan_hdd_cfg80211_vendor_scan(struct wiphy *wiphy,
nla_for_each_nested(attr, tb[QCA_WLAN_VENDOR_ATTR_SCAN_SSIDS],
tmp) {
request->ssids[count].ssid_len = nla_len(attr);
if (request->ssids[count].ssid_len >
SIR_MAC_MAX_SSID_LENGTH) {
hdd_err("SSID Len %d is not correct for network %d",
request->ssids[count].ssid_len, count);
goto error;
}
memcpy(request->ssids[count].ssid, nla_data(attr),
nla_len(attr));
count++;