qcacld-2.0: Fix buffer overwrite problem in GETSCANNPROBES

If (len + 1) is greater than priv_data.total_len then copy_to_user results in writing more data than the buffer can hold. Fix this by writing mininum of (len + 1) and priv_data.total_len Change-Id: Id1bf57ac345bc5bbd48fb19e60e54b6c2779d0cd CRs-Fixed: 865551
author: Srinivas Girigowda <sgirigow@qca.qualcomm.com> 2015-08-01 11:57:31 -0700
committer: Anjaneedevi Kapparapu <akappa@codeaurora.org> 2015-08-03 15:39:45 +0530
commit: bb4e89ec356ed39bc36306757bf734519c67be7c (patch)
tree: 50bfe46f5abfbd1c0862203ac2c00a544de791c9
parent: fa39ee322e0ff4569564b2dcc0eba82cc9b9c46a (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
index 7163fb97d5b0..eb5ffb58552a 100755
--- a/CORE/HDD/src/wlan_hdd_main.c
+++ b/CORE/HDD/src/wlan_hdd_main.c
@@ -4850,8 +4850,8 @@ static int hdd_driver_command(hdd_adapter_t *pAdapter,
            tANI_U8 len = 0;
 
            len = scnprintf(extra, sizeof(extra), "%s %d", command, val);
-           if (copy_to_user(priv_data.buf, &extra, len + 1))
-           {
+           len = VOS_MIN(priv_data.total_len, len + 1);
+           if (copy_to_user(priv_data.buf, &extra, len)) {
                VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
                   "%s: failed to copy data to user buffer", __func__);
                ret = -EFAULT;
author	Srinivas Girigowda <sgirigow@qca.qualcomm.com>	2015-08-01 11:57:31 -0700
committer	Anjaneedevi Kapparapu <akappa@codeaurora.org>	2015-08-03 15:39:45 +0530
commit	bb4e89ec356ed39bc36306757bf734519c67be7c (patch)
tree	50bfe46f5abfbd1c0862203ac2c00a544de791c9
parent	fa39ee322e0ff4569564b2dcc0eba82cc9b9c46a (diff)