samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Prevent overread of SSID in hdd_fill_pmksa_info()

Browse Source 
Currently when transferring SSID information from the nl80211 TLV to
the internal data structure hdd_fill_pmksa_info() always copies
SIR_MAC_MAX_SSID_LENGTH bytes which can overread the buffer. In order
to prevent overread only copy as many bytes as the TLV contains.

Note that the destination buffer passed to hdd_fill_pmksa_info() is
always zero-filled so no additional zeroing of bytes is required.

Change-Id: I1f6773b70e9e728d6b1ce93ca26417348e96844c
CRs-Fixed: 2237462
This commit is contained in:
Jeff Johnson
2018-05-07 12:50:46 -07:00
committed by nshrivas
parent 606c86caac
commit 9c749db62c
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
core/hdd/src/wlan_hdd_cfg80211.c
View File

@@ -20837,8 +20837,7 @@ static void hdd_fill_pmksa_info(tPmkidCacheInfo *pmk_cache,
qdf_mem_copy(pmk_cache->BSSID.bytes,
pmksa->bssid, QDF_MAC_ADDR_SIZE);
} else {
qdf_mem_copy(pmk_cache->ssid, pmksa->ssid,
SIR_MAC_MAX_SSID_LENGTH);
qdf_mem_copy(pmk_cache->ssid, pmksa->ssid, pmksa->ssid_len);
qdf_mem_copy(pmk_cache->cache_id, pmksa->cache_id,
CACHE_ID_LEN);
pmk_cache->ssid_len = pmksa->ssid_len;