samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
35b9bf6c440ac947fb7210d559c9570be79f4c93
android_kernel_samsung_sm86…/dp
History
Yeshwanth Sriram Guntuka 35b9bf6c44 qcacmn: Fix possible OOB access of rx_refill_ring_history 
In monitor mode, when the channel is set to any 2G band channel
the mac_id passed to dp_mon_process API is 1. As part of
dp_rx_buffers_replenish, refill history is logged and the
mac_id is used to index into the history array. The array is
of size 1 and OOB access would happen when ring_num which
is the mac_id, passed in is 1.

Fix is to pass the pdev->lmac_id instead to
dp_rx_refill_ring_record_entry and add ring_num sanity check.

Change-Id: Id824ec8b01e7923ad74771d5f34a25f5fccb65f3
CRs-Fixed: 2939544
2021-05-11 08:03:31 -07:00
..
cmn_dp_api
qcacmn: Add HE MCS12/13 support
2021-03-26 04:13:46 -07:00
inc
qcacmn: compiling WDI3 version of IPA
2021-05-06 06:23:47 -07:00
wifi3.0
qcacmn: Fix possible OOB access of rx_refill_ring_history
2021-05-11 08:03:31 -07:00