diff options
| author | CNSS_WLAN Service <cnssbldsw@qualcomm.com> | 2017-09-28 16:50:22 -0700 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2017-09-28 16:50:22 -0700 |
| commit | fe25229b812e479f48a2dd98fc268ca3a72e38ff (patch) | |
| tree | 34310b9d371d3648df241ed1a2d241c7d918ce11 | |
| parent | 8005ebebddfbe2b13931f929185c9d9f12e3bac7 (diff) | |
| parent | 2377fadff8982edf23c6d39c75bc7f98324327ca (diff) | |
Merge "qcacld-3.0: Prevent buffer overflow" into wlan-cld3.driver.lnx.1.1
| -rw-r--r-- | core/hdd/src/wlan_hdd_ftm.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/core/hdd/src/wlan_hdd_ftm.c b/core/hdd/src/wlan_hdd_ftm.c index 62f6ebf730d2..daca6641c2dd 100644 --- a/core/hdd/src/wlan_hdd_ftm.c +++ b/core/hdd/src/wlan_hdd_ftm.c @@ -333,6 +333,9 @@ static void wlanqcmbr_mc_process_msg(void *message) uint32_t data_len; data_len = *((uint32_t *) message) + sizeof(uint32_t); + if (data_len > MAX_UTF_LENGTH + 4) + return; + qcmbr_buf = qdf_mem_malloc(sizeof(qcmbr_queue_t)); if (qcmbr_buf != NULL) { memcpy(qcmbr_buf->utf_buf, message, data_len); |
