Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

qcacld-3.0: Validate number of bytes before memory allocation

Currently, In function hdd_get_roam_scan_ch_cb memory
is allocated for event response buffer for invalid len.

Fix is to add a validation check for len before alloction
of memory to avoid memory allocation for invalid len.

Change-Id: I14cffdace868fc19358322c36dd2589d7845b8fa
CRs-Fixed: 2640114
sheenam monga 5 years ago
parent
b90da07418
commit
a89f7ed3a3
1 changed files with 4 additions and 0 deletions
Split View Show Diff Stats
  1. 4 0
      core/hdd/src/wlan_hdd_ioctl.c

+ 4 - 0
core/hdd/src/wlan_hdd_ioctl.c
View File 

@@ -4025,6 +4025,10 @@ void hdd_get_roam_scan_ch_cb(hdd_handle_t hdd_handle,
 
 	 */
 
 	if (!roam_ch->command_resp) {
 
 		len = roam_ch->num_channels * sizeof(roam_ch->chan_list[0]);
 
+		if (!len) {
 
+			hdd_err("Invalid len");
 
+			return;
 
+		}
 
 		event = (uint8_t *)qdf_mem_malloc(len);
 
 		if (!event) {
 
 			hdd_err("Failed to alloc event response buf vdev_id: %d",