qcacld-3.0: Fix possible OOB read in wlan_hdd_get_sap_obss

A possible out-of-bound read can happen in the hdd function
wlan_hdd_get_sap_obss. To fix it, pass the proper length.

Change-Id: I698f71314e0e164cc729942294dcabb37d362245
CRs-Fixed: 2851927
Abdul Muqtadeer Ahmed, 4 years ago
parent
commit
a164b1acd9
1 changed file with 2 additions and 2 deletions

+ 2 - 2
core/hdd/src/wlan_hdd_hostapd.c

@@ -3795,8 +3795,8 @@ static bool wlan_hdd_get_sap_obss(struct hdd_adapter *adapter)
 	mac_handle = hdd_ctx->mac_handle;
 	ie = wlan_get_ie_ptr_from_eid(WLAN_EID_HT_CAPABILITY,
 				      beacon->tail, beacon->tail_len);
-	if (ie && ie[1]) {
-		qdf_mem_copy(ht_cap_ie, &ie[2], DOT11F_IE_HTCAPS_MAX_LEN);
+	if (ie && ie[1] && (ie[1] <= DOT11F_IE_HTCAPS_MAX_LEN)) {
+		qdf_mem_copy(ht_cap_ie, &ie[2], ie[1]);
 		ret = dot11f_unpack_ie_ht_caps(MAC_CONTEXT(mac_handle),
 					       ht_cap_ie, ie[1],
 					       &dot11_ht_cap_ie, false);
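
Review bot: With the added `ie[1] <= DOT11F_IE_HTCAPS_MAX_LEN` test in the `if`, an HT Capabilities IE whose length byte exceeds the maximum is now skipped silently, the same way as a missing IE; consider an else branch that logs the rejected `ie[1]` so a malformed beacon tail is visible when debugging. The bound protects the destination only if `ht_cap_ie` is declared with at least DOT11F_IE_HTCAPS_MAX_LEN bytes, which is outside this hunk and worth confirming. On the source side, copying `ie[1]` bytes from `&ie[2]` stays in bounds only if `wlan_get_ie_ptr_from_eid` has already checked the element length against `beacon->tail_len`; a short comment stating that assumption would help, and it would be worth mentioning in the commit message which of the two buffers the original over-read affected.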