abhinav kumar 86812026a0 qcacmn: Possible Integer overflow in wifi_pos_oem_rsp_handler ...

API "target_if_wifi_pos_oem_rsp_ev_handler" is the handler for
the event with WMI_OEM_RESPONSE_EVENTID. Host receives
"rsp->dma_len" from fw. The integer overflow occurs if
"oem_rsp->dma_len" is big enough while calculating the total
length of the Oem Data response buffer.

Fix is to add a sanity check for rsp->dma_len to avoid integer
overflow.

Change-Id: Idfbd358f62534eae0147f03505ced5728877a269
CRs-Fixed: 3001191

2021-08-21 15:17:29 -07:00

..

inc

qcacmn: Replace MAX_CHANNELS with NUM_CHANNELS in wifipos module

2021-05-18 23:31:34 -07:00

src

qcacmn: Possible Integer overflow in wifi_pos_oem_rsp_handler

2021-08-21 15:17:29 -07:00