| author | Himanshu Agarwal <himanaga@codeaurora.org> | 2017-10-04 14:59:52 +0530 |
|---|---|---|
| committer | snandini <snandini@codeaurora.org> | 2017-10-06 14:44:27 -0700 |
| commit | 1bab281747ee945deddaeebb327b25b76e40f704 (patch) | |
| tree | 894129b00db1fbd833a447aab9ef0eff56a51492 | |
| parent | 5294a4e6753a1ab0f8f199beddb72535464b3911 (diff) | |
qcacld-3.0: Add sanity check for vdev id to prevent OOB access
Add sanity check for vdev id in wma_scan_event_callback() to
prevent out of bound access of memory.
Change-Id: I2a264029a4d80a5478f786f91923ca26af2db74a
CRs-Fixed: 2119399
| -rw-r--r-- | core/wma/src/wma_scan_roam.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c
index 989bb4ded10b..0ccdb8be8e8b 100644
--- a/core/wma/src/wma_scan_roam.c
+++ b/core/wma/src/wma_scan_roam.c
@@ -6113,6 +6113,11 @@ int wma_scan_event_callback(WMA_HANDLE handle, uint8_t *data,
 uint8_t vdev_id;
 uint32_t scan_id;
 
+ if (wmi_event->vdev_id >= wma_handle->max_bssid) {
+ WMA_LOGE("Invalid vdev id from firmware");
+ return -EINVAL;
+ }
+
 param_buf = (WMI_SCAN_EVENTID_param_tlvs *) data;
 wmi_event = param_buf->fixed_param;
 vdev_id = wmi_event->vdev_id;
|
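Review bot: The new bounds check reads `wmi_event->vdev_id` before `wmi_event` is assigned from `param_buf->fixed_param`, which happens two lines further down in the same hunk. The declarations sit outside the hunk, so the initial value of `wmi_event` is not visible here, but at that point it is presumably NULL or uninitialized, so the check would dereference an invalid pointer instead of validating the firmware-supplied id. The block should move below the assignments and test the local copy, `if (vdev_id >= wma_handle->max_bssid) {`, placed after `vdev_id = wmi_event->vdev_id;`. Including the rejected value in the message, `WMA_LOGE("Invalid vdev id %d from firmware", vdev_id);`, would also make a malformed event easier to triage from logs. The body of wma_scan_event_callback() starts and ends outside the hunk, so any existing NULL check on `param_buf` cannot be confirmed from here.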
