Rajeev Kumar 67f5b87203 qcacld-3.0: Fix buffer overread & overflow in P2P LO handler
Currently in __wlan_hdd_cfg80211_p2p_lo_start() there are multiple
issues with the incoming cfg80211 vendor command handling:
1) A policy is not supplied when invoking nla_parse() which prevents
   basic sanity of the incoming attribute stream.
2) The length of attribute QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_DEVICE_TYPES
   is not properly validated.
3) The length of attribute QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_VENDOR_IE
   is not properly validated.

To address these issues:
1) Create an appropriate nla_policy and specify this policy when
   invoking nla_parse().
2) Validate the length of QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_DEVICE_TYPES
   properly to prevent potential over read.
3) Validate the length of QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_VENDOR_IE
   properly to prevent potential over read.

Change-Id: I0a76dad8cccc6158f7ef3da293a6462acd839bfb
CRs-Fixed: 2054755
2017-06-18 14:36:59 -07:00
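
The two checks the commit message lists (a per-attribute policy bound applied during parsing, then a length check before the payload is read), modeled in userspace C as an added example; this is not the driver's code or the patch. The attribute ids, size limits, function names and sample bytes are assumptions made for illustration, headers are read as little-endian, and the model rejects the whole stream on any malformed attribute.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical ids and limits: the driver's real values are not on this page. */
enum { ATTR_DEVICE_TYPES = 1, ATTR_VENDOR_IE = 2, ATTR_MAX = 2 };
#define DEV_TYPE_LEN  8u    /* assumed size of one device-type entry */
#define MAX_DEV_TYPES 10u   /* assumed cap on entries */
#define MAX_VENDOR_IE 255u  /* assumed cap on vendor IE bytes */
#define HDR_LEN       4u    /* nlattr header: u16 len (header included), u16 type */
/* Models the .len bound of an NLA_BINARY nla_policy entry: max payload bytes. */
static const uint16_t lo_policy[ATTR_MAX + 1] = {
    [ATTR_DEVICE_TYPES] = DEV_TYPE_LEN * MAX_DEV_TYPES,
    [ATTR_VENDOR_IE]    = MAX_VENDOR_IE,
};

struct attr { const uint8_t *data; uint16_t len; };

/* Policy-checked walk of an attribute stream (little-endian headers assumed).
 * Simplification: any malformed attribute fails the whole parse. */
static int parse_attrs(const uint8_t *buf, size_t n, struct attr tb[ATTR_MAX + 1])
{
    for (int i = 0; i <= ATTR_MAX; i++) tb[i] = (struct attr){ NULL, 0 };
    while (n > 0) {
        if (n < HDR_LEN) return -1;                    /* truncated header */
        size_t len = buf[0] | (size_t)buf[1] << 8;
        unsigned type = buf[2] | (unsigned)buf[3] << 8;
        if (len < HDR_LEN || len > n) return -1;       /* claims bytes the stream lacks */
        if (type >= 1 && type <= ATTR_MAX) {
            if (len - HDR_LEN > lo_policy[type]) return -1;   /* over policy bound */
            tb[type] = (struct attr){ buf + HDR_LEN, (uint16_t)(len - HDR_LEN) };
        }
        size_t step = (len + 3u) & ~(size_t)3u;        /* attributes are 4-byte aligned */
        if (step > n) step = n;
        buf += step; n -= step;
    }
    return 0;
}

/* Handler-side check: returns the device-type entry count, or -1 to reject. */
int lo_start_validate(const uint8_t *buf, size_t n)
{
    struct attr tb[ATTR_MAX + 1];
    if (parse_attrs(buf, n, tb) != 0) return -1;
    const struct attr *dt = &tb[ATTR_DEVICE_TYPES];
    if (!dt->data || dt->len == 0 || dt->len % DEV_TYPE_LEN) return -1;
    return (int)(dt->len / DEV_TYPE_LEN);
}

/* Constructed samples: one 8-byte device type; then a header claiming 64 bytes. */
const uint8_t sample_ok[]  = { 12, 0, 1, 0, 0, 1, 0, 0x50, 0xF2, 4, 0, 1 };
const uint8_t sample_bad[] = { 64, 0, 1, 0, 0, 1, 0, 0x50 };
```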

This is CNSS WLAN Host Driver for products starting from iHelium