qcacld-3.0: Fix OOB read in hdd_populate_wifi_signal_info

While handling ll stats information there is a possibility of OOB read in hdd_populate_wifi_signal_info api as FW is giving num_chan info as uint_32 and host has saved into int_32 type variable which may lead to an extremely large positive number which is getting used as index of for loop to populate signal info in skp which may lead to OOB read. Change-Id: I032eb465db30ee9e3a7ba0c4f017ed781264c47d CRs-fixed: 2383605
author: Ashish Kumar Dhanotiya <adhanoti@codeaurora.org> 2019-02-25 21:06:00 +0530
committer: nshrivas <nshrivas@codeaurora.org> 2019-03-05 00:22:29 -0800
commit: d549fa5941c145c85a6b32d904af97e79d125520 (patch)
tree: 3ac3305c5466dc81561c1954123a1e62edcc1ac6
parent: 3c860bb010228e3ccab5c1fbc958cfda4be0a7fc (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/core/mac/inc/sir_api.h b/core/mac/inc/sir_api.h
index 2e225b2b1005..470b4459bfb4 100644
--- a/core/mac/inc/sir_api.h
+++ b/core/mac/inc/sir_api.h
@@ -6166,9 +6166,9 @@ struct sir_wifi_peer_signal_stats {
 	/* Background noise */
 	int32_t nf[WIFI_MAX_CHAINS];
 
-	int32_t per_ant_rx_mpdus[WIFI_MAX_CHAINS];
-	int32_t per_ant_tx_mpdus[WIFI_MAX_CHAINS];
-	int32_t num_chain;
+	uint32_t per_ant_rx_mpdus[WIFI_MAX_CHAINS];
+	uint32_t per_ant_tx_mpdus[WIFI_MAX_CHAINS];
+	uint32_t num_chain;
 };
 
 #define WIFI_VDEV_NUM     4
author	Ashish Kumar Dhanotiya <adhanoti@codeaurora.org>	2019-02-25 21:06:00 +0530
committer	nshrivas <nshrivas@codeaurora.org>	2019-03-05 00:22:29 -0800
commit	d549fa5941c145c85a6b32d904af97e79d125520 (patch)
tree	3ac3305c5466dc81561c1954123a1e62edcc1ac6
parent	3c860bb010228e3ccab5c1fbc958cfda4be0a7fc (diff)