| author | Vignesh Viswanathan <viswanat@codeaurora.org> | 2018-06-15 12:42:45 +0530 |
|---|---|---|
| committer | nshrivas <nshrivas@codeaurora.org> | 2018-06-18 19:27:44 -0700 |
| commit | a6d6253be0619cdd2329e2c9a2d2753c3ae83c93 (patch) | |
| tree | 13c5e3896cb648f02f2321a0d7a059e318ecd51d | |
| parent | 95795765907e6cd15edd8aa0d4c7f61c08b17af5 (diff) | |

qcacmn: Fix Uninitialized byte sent to FW in wmi_unified_cmd_send

In wmi_unified_cmd_send, the skb head is pushed by size of WMI_CMD_HDR
and then the commandId is initialized in the header. However 1 byte of
reserved memory in the WMI_CMD_HDR is not initialized and is sent to
the FW as it is and this might lead to exposure of 1 byte of kernel
memory to FW.

Initialize the WMI_CMD_HDR to zero once the skb head is pushed and
then set the commandId in the header.

Change-Id: I89fd5401105cd9c61674a63aac5aa88fb20cc41a
CRs-Fixed: 2257688

| -rw-r--r-- | wmi/src/wmi_unified.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/wmi/src/wmi_unified.c b/wmi/src/wmi_unified.c index b774a782f577..d9f128dbba10 100644 --- a/wmi/src/wmi_unified.c +++ b/wmi/src/wmi_unified.c @@ -1322,6 +1322,7 @@ QDF_STATUS wmi_unified_cmd_send(wmi_unified_t wmi_handle, wmi_buf_t buf, return QDF_STATUS_E_NOMEM; } + qdf_mem_zero(qdf_nbuf_data(buf), sizeof(WMI_CMD_HDR)); WMI_SET_FIELD(qdf_nbuf_data(buf), WMI_CMD_HDR, COMMANDID, cmd_id); qdf_atomic_inc(&wmi_handle->pending_cmds); |
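
Review bot: The added `qdf_mem_zero(qdf_nbuf_data(buf), sizeof(WMI_CMD_HDR));` carries no comment, and sitting directly above `WMI_SET_FIELD(..., COMMANDID, cmd_id)` it reads as redundant initialization that a later cleanup could drop. A one-line comment saying that the reserved part of WMI_CMD_HDR is otherwise sent to firmware with whatever the pushed skb head contained would record why the call is there. The placement is also order-sensitive: it has to stay after the `return QDF_STATUS_E_NOMEM;` failure path and before the COMMANDID write, because zeroing after `WMI_SET_FIELD` would clear the command id; the same comment can state that.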
