qcacmn: Add sanity check to avoid len overflow issue in WMI event data
In WMI/WMA, data from event buffer from FW is used without sanity checks for upper limit in multiple places. This might lead to a potential integer overflow further leading to buffer corruption Add upper bound checks for max limit of event buffer (1536) in all affected places to prevent the potential integer overflow Change-Id: Ic9194a27c4a4c63fc68ff7fc61165a53e66ca4f4 CRs-Fixed: 2095545
This commit is contained in:
Varun Reddy Yeturu
کامیت شده توسط
snandini
snandini
والد
de5223472b
کامیت
c799752ca9
@@ -12447,6 +12447,13 @@ static QDF_STATUS send_log_supported_evt_cmd_tlv(wmi_unified_t wmi_handle,
|
||||
if (wmi_handle->events_logs_list)
|
||||
qdf_mem_free(wmi_handle->events_logs_list);
|
||||
|
||||
if (num_of_diag_events_logs >
|
||||
(WMI_SVC_MSG_MAX_SIZE / sizeof(uint32_t))) {
|
||||
WMI_LOGE("%s: excess num of logs:%d", __func__,
|
||||
num_of_diag_events_logs);
|
||||
QDF_ASSERT(0);
|
||||
return QDF_STATUS_E_INVAL;
|
||||
}
|
||||
/* Store the event list for run time enable/disable */
|
||||
wmi_handle->events_logs_list = qdf_mem_malloc(num_of_diag_events_logs *
|
||||
sizeof(uint32_t));
|
||||
|
||||
مرجع در شماره جدید
Block a user