diff options
| author | Ashish Kumar Dhanotiya <adhanoti@codeaurora.org> | 2017-07-06 17:27:05 +0530 |
|---|---|---|
| committer | snandini <snandini@codeaurora.org> | 2017-07-07 11:36:44 -0700 |
| commit | a3c97b7058566cc3497f15fbde9ebced92541414 (patch) | |
| tree | 0a3df45254bfaa2a8414285417f45d3542defcda | |
| parent | 686fdaf37556b1e0aa8b07607693a207572f3334 (diff) | |
qcacld-2.0: Fix out of bound memory access
There is a possibility of OOB memory access within api
wlan_hdd_qcmbr_command.
To resolve this issue add appropriate buffer length check before
using the buffer.
Change-Id: I3bc0bb74e07fbf4b5c1f2163c9fb0b80d8839d0d
CRs-Fixed: 2060990
| -rw-r--r-- | CORE/HDD/src/wlan_hdd_ftm.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/CORE/HDD/src/wlan_hdd_ftm.c b/CORE/HDD/src/wlan_hdd_ftm.c index 1310e75f1ccc..888baa153494 100644 --- a/CORE/HDD/src/wlan_hdd_ftm.c +++ b/CORE/HDD/src/wlan_hdd_ftm.c @@ -955,7 +955,8 @@ static int wlan_hdd_qcmbr_command(hdd_adapter_t *pAdapter, qcmbr_data_t *pqcmbr_ switch (pqcmbr_data->cmd) { case ATH_XIOCTL_UNIFIED_UTF_CMD: { pqcmbr_data->copy_to_user = 0; - if (pqcmbr_data->length) { + if (pqcmbr_data->length && + pqcmbr_data->length <= sizeof(pqcmbr_data->buf)) { if (wlan_hdd_ftm_testmode_cmd(pqcmbr_data->buf, pqcmbr_data->length, TRUE) |