Halaman utama Jelajahi Bantuan
Masuk
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Jelajahi Sumber

qcacmn: Fix Uninitialized byte sent to FW in wmi_unified_cmd_send

In wmi_unified_cmd_send, the skb head is pushed by size of WMI_CMD_HDR
and then the commandId is initialized in the header. However 1 byte of
reserved memory in the WMI_CMD_HDR is not initialized and is sent to
the FW as it is and this might lead to exposure of 1 byte of kernel
memory to FW.

Initialize the WMI_CMD_HDR to zero once the skb head is pushed and
then set the commandId in the header.

Change-Id: I89fd5401105cd9c61674a63aac5aa88fb20cc41a
CRs-Fixed: 2257688
Vignesh Viswanathan 6 tahun lalu
induk
d460329ba2
melakukan
c352d60731
1 mengubah file dengan 1 tambahan dan 0 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 1 0
      wmi/src/wmi_unified.c

+ 1 - 0
wmi/src/wmi_unified.c
Tampilan Berkas 

@@ -1387,6 +1387,7 @@ QDF_STATUS wmi_unified_cmd_send(wmi_unified_t wmi_handle, wmi_buf_t buf,
 
 		return QDF_STATUS_E_NOMEM;
 
 	}
 
 
+	qdf_mem_zero(qdf_nbuf_data(buf), sizeof(WMI_CMD_HDR));
 
 	WMI_SET_FIELD(qdf_nbuf_data(buf), WMI_CMD_HDR, COMMANDID, cmd_id);
 
 
 	qdf_atomic_inc(&wmi_handle->pending_cmds);