Ashish Kumar Dhanotiya a60c1754b3 qcacld-3.0: Possible buffer overwrite in vendor scan request ...

In api "__wlan_hdd_cfg80211_vendor_scan", the ssid length is u8,
when memcpy is done for ssid, the length is not validated and
nla_len(attr) is used directly in memcpy which can result in buffer
overwrite.

Add a check to validate the max length of scan ssid against
SIR_MAC_MAX_SSID_LENGTH.

Change-Id: If4c25710973ee50094c5d52410269962f552ac3f
CRs-Fixed: 2153326

2017-12-21 09:21:46 -08:00

..

bmi

Revert "qcacld-3.0: Do not access target register in driver unloading"

2017-10-25 17:48:22 -07:00

cds

qcacld-3.0: Add fixes to prevent NULL pdev access on module stop

2017-12-20 14:10:28 -08:00

dp

qcacld-3.0: remove struct sps_iovc reference

2017-12-20 19:27:24 -08:00

hdd

qcacld-3.0: Possible buffer overwrite in vendor scan request

2017-12-21 09:21:46 -08:00

mac

Release 5.2.0.58Z

2017-12-21 05:26:43 -08:00

pld

qcacld-3.0: Remove unused PLD PCIe APIs

2017-12-01 13:39:58 -08:00

sap

qcacld-3.0: Fix memory leak issue of ch_list in sap_get_channel_list

2017-12-20 19:27:21 -08:00

sme

qcacld-3.0: Add ini hostscan_adaptive_dwell_mode_no_conn

2017-12-20 07:26:06 -08:00

wma

qcacld-3.0: Use correct wmi event id when register wmi event

2017-12-19 13:37:36 -08:00