qcacld-3.0: Resolve out of bound memory access while processing VSIEs

Currently elem_len is not checked against WPS_OUI_TYPE_SIZE
before it uses the buffer for memcmp, this may cause the buffer
overread.

To fix this add the proper comparison logic before the API uses
the buffer.

Change-Id: I9ba63543a529fb88932500be39045fcc19509863
CRs-Fixed: 2061159
Ashish Kumar Dhanotiya, 7 years ago
parent
commit
ff252beffa
1 file changed, with 1 addition and 1 deletion
+ 1 - 1
core/hdd/src/wlan_hdd_hostapd.c

@@ -6688,7 +6688,7 @@ static void wlan_hdd_add_hostapd_conf_vsie(hdd_adapter_t *pHostapdAdapter,
 		elem_id = ptr[0];
 		elem_len = ptr[1];
 		left -= 2;
-		if (elem_len > left) {
+		if (elem_len > left || elem_len < WPS_OUI_TYPE_SIZE) {
 			hdd_err("**Invalid IEs eid: %d elem_len: %d left: %d**",
 				elem_id, elem_len, left);
 			return;
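
Review bot: The new `elem_len < WPS_OUI_TYPE_SIZE` test on the `+` line is applied to every element, before `elem_id` is consulted, and the failure path is `return`, so a single short but well-formed IE of any type ends processing of all IEs that follow it. According to the commit message, the consumer that needs the minimum length is the memcmp against the WPS OUI, so the lower bound fits better next to that comparison, applied only to the element type that is actually compared, with shorter elements skipped (advance `ptr` and `left` by `elem_len`) instead of aborting the walk. If rejecting the whole buffer is intended, a comment stating that would help, and the hdd_err text should distinguish "element too short for OUI compare" from the existing `elem_len > left` truncation case, since both currently log the same "Invalid IEs" message. The hunk also does not show whether `left` is confirmed to be at least 2 before `ptr[0]` and `ptr[1]` are read and `left -= 2` is applied; that is worth confirming in the loop condition, because the same over-read class applies there.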