qcacld-3.0: Check buff len alloc in __iw_set_packet_filter_params

In __iw_set_packet_filter_params(), a user controlled length value,
priv_data.length, is used to allocated a buffer. This buffer is then
cast to a struct pointer of struct pkt_filter_cfg type without ensuring
the buffer is large enough to hold the struct. This can lead to a buffer
overread if the user supplied size is smaller than the actual size of the
struct.

Add a sanity check on priv_data.length to ensure that the size is large
enough to hold the struct.

Change-Id: I227856484d4bd7a9b0a16a42e26febbc799f80b5
CRs-Fixed: 2228725

0 files changed, 0 insertions, 0 deletions