qcacmn: Add check for buffer overflow and null pointer dereference
There is a chance for null pointer dereference for num_eht_user_info_valid and array out of bounds for eht_user_info. Add checks for both the cases as it may cause crash. Change-Id: Icb5235612a1225b9991c99519b5ee49536c577bc CRs-Fixed: 3426873
This commit is contained in:
Aravind Kishore Sukla
committed by
Madan Koyyalamudi
Madan Koyyalamudi
parent
9064b44469
commit
a3a4e67eed
@@ -242,6 +242,8 @@ enum wsc_op_code {
|
||||
#define MAX_CHAIN 8
|
||||
#define QDF_MON_STATUS_MPDU_FCS_BMAP_NWORDS 8
|
||||
|
||||
#define EHT_USER_INFO_LEN 4
|
||||
|
||||
/**
|
||||
* typedef qdf_nbuf_queue_t - Platform independent packet queue abstraction
|
||||
*/
|
||||
@@ -512,7 +514,7 @@ struct mon_rx_status {
|
||||
uint32_t usig_mask;
|
||||
uint32_t eht_known;
|
||||
uint32_t eht_data[6];
|
||||
uint32_t eht_user_info[4];
|
||||
uint32_t eht_user_info[EHT_USER_INFO_LEN];
|
||||
#ifdef QCA_UNDECODED_METADATA_SUPPORT
|
||||
uint32_t phyrx_abort:1,
|
||||
phyrx_abort_reason:8,
|
||||
|
||||
Reference in New Issue
Block a user