summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCNSS_WLAN Service <cnssbldsw@qualcomm.com>2017-09-28 16:50:22 -0700
committerGerrit - the friendly Code Review server <code-review@localhost>2017-09-28 16:50:22 -0700
commitfe25229b812e479f48a2dd98fc268ca3a72e38ff (patch)
tree34310b9d371d3648df241ed1a2d241c7d918ce11
parent8005ebebddfbe2b13931f929185c9d9f12e3bac7 (diff)
parent2377fadff8982edf23c6d39c75bc7f98324327ca (diff)
Merge "qcacld-3.0: Prevent buffer overflow" into wlan-cld3.driver.lnx.1.1
-rw-r--r--core/hdd/src/wlan_hdd_ftm.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/core/hdd/src/wlan_hdd_ftm.c b/core/hdd/src/wlan_hdd_ftm.c
index 62f6ebf730d2..daca6641c2dd 100644
--- a/core/hdd/src/wlan_hdd_ftm.c
+++ b/core/hdd/src/wlan_hdd_ftm.c
@@ -333,6 +333,9 @@ static void wlanqcmbr_mc_process_msg(void *message)
uint32_t data_len;
data_len = *((uint32_t *) message) + sizeof(uint32_t);
+ if (data_len > MAX_UTF_LENGTH + 4)
+ return;
+
qcmbr_buf = qdf_mem_malloc(sizeof(qcmbr_queue_t));
if (qcmbr_buf != NULL) {
memcpy(qcmbr_buf->utf_buf, message, data_len);