Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

qcacld-3.0: Avoid buffer overflow in llstats debugfs response

Currently driver does not subtract the already filled length
from the max available length when it copies the number of
radios to the llstats result buffer which may lead to buffer
overflow.

To address this issue subtract already filled length from the
max available length when driver copies the number of radios.

Change-Id: Ie3b93121df603bd65250f0b0a49bb049d353211d
CRs-Fixed: 2969637
Ashish Kumar Dhanotiya 3 years ago
parent
db89706c88
commit
d11dc596a5
1 changed files with 2 additions and 2 deletions
Split View Show Diff Stats
  1. 2 2
      core/hdd/src/wlan_hdd_debugfs_llstat.c

+ 2 - 2
core/hdd/src/wlan_hdd_debugfs_llstat.c
View File 

@@ -236,8 +236,8 @@ void hdd_debugfs_process_radio_stats(struct hdd_adapter *adapter,
 
 
 	buffer = ll_stats.result;
 
 	buffer += ll_stats.len;
 
-	len = scnprintf(buffer, DEBUGFS_LLSTATS_BUF_SIZE,
 
-			 "\n\n===LL_STATS_RADIO: number of radios: %u===",
 
+	len = scnprintf(buffer, DEBUGFS_LLSTATS_BUF_SIZE - ll_stats.len,
 
+			"\n\n===LL_STATS_RADIO: number of radios: %u===",
 
 			  num_radio);
 
 
 	for (i = 0; i < num_radio; i++) {