authorAlok Kumar <alokkuma@codeaurora.org>2018-06-02 17:50:45 +0530
committerGerrit - the friendly Code Review server <code-review@localhost>2018-06-07 05:14:21 -0700
commitcc6d6bec42fe00075ae16bc5072c4d1f78febcfb (patch)
treee463f0d06574d20b048e68ee83d0625de0159b85
parent4d3526f6dba1b3a4803ceacaf08407bc27b2f9ae (diff)
qcacld-2.0: Fix information leak issue during memcpy
The buffer allocated with length "ATH6KL_FWLOG_PAYLOAD_SIZE" is not initialized; this may lead to an information leak during memcpy when len < ATH6KL_FWLOG_PAYLOAD_SIZE. To resolve this issue, memset the remaining (ATH6KL_FWLOG_PAYLOAD_SIZE - len) bytes of the buffer to 0. Change-Id: If4a49347d674ad2af0438b408a4a4b9308c61026 CRs-Fixed: 2253103
-rw-r--r--CORE/UTILS/FWLOG/dbglog_host.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/CORE/UTILS/FWLOG/dbglog_host.c b/CORE/UTILS/FWLOG/dbglog_host.c
index 8e4201a54cc2..f6a410924203 100644
--- a/CORE/UTILS/FWLOG/dbglog_host.c
+++ b/CORE/UTILS/FWLOG/dbglog_host.c
@@ -2123,6 +2123,9 @@ send_diag_netlink_data(const u_int8_t *buffer, A_UINT32 len, A_UINT32 cmd)
slot->dropped = get_version;
memcpy(slot->payload, buffer, len);
+ /* Need to pad each record to fixed length ATH6KL_FWLOG_PAYLOAD_SIZE */
+ memset(slot->payload + len, 0, ATH6KL_FWLOG_PAYLOAD_SIZE - len);
+
res = nl_srv_bcast_fw_logs(skb_out);
if ((res < 0) && (res != -ESRCH)) {
AR_DEBUG_PRINTF(ATH_DEBUG_RSVD1,
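Review bot: The added `memset(slot->payload + len, 0, ATH6KL_FWLOG_PAYLOAD_SIZE - len)` is only safe when `len <= ATH6KL_FWLOG_PAYLOAD_SIZE`, and no such bound is visible in this hunk. `len` is an `A_UINT32`, so a larger value makes the subtraction wrap to a huge count and the memset would write far past the slot; the `memcpy` just above has the same dependency. send_diag_netlink_data starts and ends outside the hunk, so the check may already exist earlier; if it does not, reject oversized records before the copy with something like `if (len > ATH6KL_FWLOG_PAYLOAD_SIZE) { /* free skb_out, return error */ }`. The identical lines added in dbglog_process_netlink_data need the same confirmation. It is also worth checking that every other field of `slot`, and any struct padding, is written before `nl_srv_bcast_fw_logs(skb_out)`, since the payload tail was presumably not the only uninitialized part of the allocation.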
@@ -2185,6 +2188,9 @@ dbglog_process_netlink_data(wmi_unified_t wmi_handle, const u_int8_t *buffer,
slot->dropped = cpu_to_le32(dropped);
memcpy(slot->payload, buffer, len);
+ /* Need to pad each record to fixed length ATH6KL_FWLOG_PAYLOAD_SIZE */
+ memset(slot->payload + len, 0, ATH6KL_FWLOG_PAYLOAD_SIZE - len);
+
res = nl_srv_bcast_fw_logs(skb_out);
if ((res < 0) && (res != -ESRCH))
{