qcacld-2.0: Fix buffer overwrite problem in GETROAMSCANCONTROL

If (len + 1) is greater than priv_data.total_len then copy_to_user results in writing more data than the buffer can hold. Fix this by writing mininum of (len + 1) and priv_data.total_len Change-Id: Ib73f73cdead8e5e68e4f9941ff7969ad0d4ec9c5 CRs-Fixed: 865514
author: AnjaneeDevi Kapparapu <c_akappa@qti.qualcomm.com> 2015-08-03 12:27:12 +0530
committer: Anjaneedevi Kapparapu <akappa@codeaurora.org> 2015-08-03 15:39:45 +0530
commit: 48bda88169ae01ac8f9bc45d3158006abf3f5d06 (patch)
tree: d28b2a63d605773b417e90fe46aa0c9e73ebf88e
parent: 3db75b97ee163eae76aeac83c2ded637c257a982 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
index 80157ff22d22..23560288cea1 100755
--- a/CORE/HDD/src/wlan_hdd_main.c
+++ b/CORE/HDD/src/wlan_hdd_main.c
@@ -5416,7 +5416,8 @@ static int hdd_driver_command(hdd_adapter_t *pAdapter,
 
            len = scnprintf(extra, sizeof(extra), "%s %d",
                    command, roamScanControl);
-           if (copy_to_user(priv_data.buf, &extra, len + 1))
+           len = VOS_MIN(priv_data.total_len, len + 1);
+           if (copy_to_user(priv_data.buf, &extra, len))
            {
                VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
                   "%s: failed to copy data to user buffer", __func__);
author	AnjaneeDevi Kapparapu <c_akappa@qti.qualcomm.com>	2015-08-03 12:27:12 +0530
committer	Anjaneedevi Kapparapu <akappa@codeaurora.org>	2015-08-03 15:39:45 +0530
commit	48bda88169ae01ac8f9bc45d3158006abf3f5d06 (patch)
tree	d28b2a63d605773b417e90fe46aa0c9e73ebf88e
parent	3db75b97ee163eae76aeac83c2ded637c257a982 (diff)