authorDundi Raviteja <dundi@codeaurora.org>2018-06-25 13:24:43 +0530
committernshrivas <nshrivas@codeaurora.org>2018-06-28 13:06:47 -0700
commitf24aa02f06ddccac735bf6a511b4cab5b293f6f9 (patch)
treec31edec8779c8645648e44e3aa24901385bfd011
parentbe9fcb0fa768ad413e37fb2b31a97e69106878f9 (diff)
qcacld-3.0: Possible OOB read in cds_get_channel_list()
While checking for DFS channels, chan_index may increase beyond the maximum index of the channel_list buffer, which may cause an out-of-bounds buffer read. To address this issue, add a check for chan_index against QDF_MAX_NUM_CHAN. Change-Id: I6e8663ee89e282bd053af48e52eefe2ea09c06cb CRs-Fixed: 2266841
-rw-r--r--core/cds/src/cds_concurrency.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/core/cds/src/cds_concurrency.c b/core/cds/src/cds_concurrency.c
index 5bdf05f62e5f..b676d42e9d17 100644
--- a/core/cds/src/cds_concurrency.c
+++ b/core/cds/src/cds_concurrency.c
@@ -5257,7 +5257,8 @@ static QDF_STATUS cds_get_channel_list(enum cds_pcl_type pcl,
}
while ((chan_index < num_channels) &&
- (chan_index_5 < QDF_MAX_NUM_CHAN)) {
+ (chan_index_5 < QDF_MAX_NUM_CHAN) &&
+ (chan_index < QDF_MAX_NUM_CHAN)) {
if ((true == skip_dfs_channel) &&
CDS_IS_DFS_CH(channel_list[chan_index])) {
chan_index++;