Home Esplora Aiuto
Accedi
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Sfoglia il codice sorgente

qcacmn: Fix possible buffer overflow in send_stats_ext_req_cmd_tlv

In the function __wlan_hdd_cfg80211_stats_ext_request,
data_len is recieved from vendor command and is passed ultimately
to send_stats_ext_req_cmd_tlv.  In send_stats_ext_req_cmd_tlv, len
is calculated as sum of sizeof(*cmd), WMI_TLV_HDR_SIZE,
preq->request_data_len.The len is of type uint16_t
and adding sizeof(*cmd) + WMI_TLV_HDR_SIZE will cause a buffer
overflow.

Changed the datatype of len to size_t so that it doesn't overflow.

Change-Id: I6618042e3c60bbdb1ff5d833188f4bdb4832da7a
CRs-Fixed: 2243169
Pragaspathi Thilagaraj 6 anni fa
parent
1e8e057a77
commit
e449244e9f
1 ha cambiato i file con 1 aggiunte e 1 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 1 1
      wmi/src/wmi_unified_tlv.c

+ 1 - 1
wmi/src/wmi_unified_tlv.c
Vedi File 

@@ -9294,7 +9294,7 @@ static QDF_STATUS send_stats_ext_req_cmd_tlv(wmi_unified_t wmi_handle,
 
 	QDF_STATUS ret;
 
 	wmi_req_stats_ext_cmd_fixed_param *cmd;
 
 	wmi_buf_t buf;
 
-	uint16_t len;
 
+	size_t len;
 
 	uint8_t *buf_ptr;
 
 
 	len = sizeof(*cmd) + WMI_TLV_HDR_SIZE + preq->request_data_len;