qcacld-3.0: OOB access may occur due to total numChannels exceeds max value
Out of Buffer access may occur in wmi_get_buf_extscan_start_cmd() function if user provided inputs are different for below parameters which are assigned in hdd_extscan_start_fill_bucket_channel_spec() function 1. QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_NUM_CHANNEL_SPECS 2. QCA_WLAN_VENDOR_ATTR_EXTSCAN_CHANNEL_SPEC To address this issue return failure status if numChannels is not equal to the total number of channel entries. Change-Id: I60d74161dc3752bd7f609af3910d7c86a99488ec CRs-Fixed: 2255189
This commit is contained in:
Dundi Raviteja
@@ -3042,6 +3042,11 @@ static int hdd_extscan_start_fill_bucket_channel_spec(
|
|||||||
total_channels++;
|
total_channels++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (j != req_msg->buckets[bkt_index].numChannels) {
|
||||||
|
hdd_err("Input parameters didn't match");
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
hdd_extscan_update_dwell_time_limits(
|
hdd_extscan_update_dwell_time_limits(
|
||||||
req_msg, bkt_index,
|
req_msg, bkt_index,
|
||||||
min_dwell_time_active_bucket,
|
min_dwell_time_active_bucket,
|
||||||
|
|||||||
Reference in New Issue
Block a user