Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity

wlan: validate essid length before processing scan req

Browse source 
Presently we are not validating the length of the essid received
and directly copying the buffer without size checking.
Perform bound checking before processing the scan req.

Change-Id: I786e4feb67bf039df3d217138a412da54f51787d
CRs-fixed: 890228
Bug: 27773913
This commit is contained in:
Arun Khandavalli 2016-04-11 12:42:58 -07:00 committed by Min Chong
parent 1683ab87bd
commit 19676e8954
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
drivers/staging/prima/CORE/HDD/src/wlan_hdd_scan.c
View file

@ -685,7 +685,8 @@ int iw_set_scan(struct net_device *dev, struct iw_request_info *info,
if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
if(scanReq->essid_len) {
if(scanReq->essid_len &&
(scanReq->essid_len <= SIR_MAC_MAX_SSID_LENGTH)) {
scanRequest.SSIDs.numOfSSIDs = 1;
scanRequest.SSIDs.SSIDList =( tCsrSSIDInfo *)vos_mem_malloc(sizeof(tCsrSSIDInfo));
if(scanRequest.SSIDs.SSIDList) {
@ -699,6 +700,10 @@ int iw_set_scan(struct net_device *dev, struct iw_request_info *info,
VOS_ASSERT(0);
}
}
else
{
hddLog(LOGE, FL("Invalid essid length : %d"), scanReq->essid_len);
}
}
/* set min and max channel time */