samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
debfc5a964f69a8da0afb827fc0c47b004cf6509
android_kernel_samsung_sm86…/core
History
Sourav Mohapatra debfc5a964 qcacld-3.0: Check buff len alloc in __iw_set_packet_filter_params 
In __iw_set_packet_filter_params(), a user controlled length value,
priv_data.length, is used to allocated a buffer. This buffer is then
cast to a struct pointer of struct pkt_filter_cfg type without ensuring
the buffer is large enough to hold the struct. This can lead to a buffer
overread if the user supplied size is smaller than the actual size of the
struct.

Add a sanity check on priv_data.length to ensure that the size is large
enough to hold the struct.

Change-Id: I227856484d4bd7a9b0a16a42e26febbc799f80b5
CRs-Fixed: 2228725
2018-05-09 22:53:36 -07:00
..
bmi
qcacld-3.0: bmi: Remove legacy markings
2018-04-24 14:48:51 -07:00
cds
qcacld-3.0: Fix regression of peer map adjustment
2018-05-08 13:47:22 -07:00
dp
qcacld-3.0: Fix typo "capabilites"
2018-05-09 16:31:19 -07:00
hdd
qcacld-3.0: Check buff len alloc in __iw_set_packet_filter_params
2018-05-09 22:53:36 -07:00
mac
Release 5.2.0.77C
2018-05-09 20:22:51 -07:00
pld
qcacld-3.0: pld: Remove legacy markings
2018-04-24 14:48:41 -07:00
sap
qcacld-3.0: Fix typo "choosen"
2018-05-09 15:19:55 -07:00
sme
qcacld-3.0: Modify callers of ObjMgr APIs to include pdev_id
2018-05-09 01:44:33 -07:00
wma
qcacld-3.0: Enable fw_crash_timeout
2018-05-09 20:22:51 -07:00