android_kernel_zuk_msm8996.git

diff options

author	Deeksha Gupta <deegupta@codeaurora.org>	2021-09-29 13:38:44 +0530
committer	Deeksha Gupta <quic_deegupta@quicinc.com>	2021-10-20 18:21:11 +0530
commit	e0b70b5fd535aa8bd7fc2d1c4cbc0ae5e529cac2 (patch)
tree	e28be46886d2ba683168b356be138864f1b72c7f /security/selinux/hooks.c
parent	1da16a753ff855f0635b2f6a32eb89231a877013 (diff)

qcacld-3.0: Fix possible OOB in unpack_tlv_core

Currently in unpack_tlv_core(), nBufRemaining is validated after calling framesntohs API. Since, framesntohs() copies pIn address to pOut address with length = 2 bytes as below. DOT11F_MEMCPY(pCtx, (uint16_t *)pOut, pIn, 2); which could cause OOB issue if pIn contains less than 2 bytes. Fix is to validate the nBufRemaining size before calling framesntohs(). Change-Id: I3ead03ec948282a410ddba5b01f82ca31d3d9199 CRs-Fixed: 3042282

Diffstat (limited to 'security/selinux/hooks.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: