Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity

qcacld 2.0: Address buffer overflow due to invalid length

Browse source 
prima to qcacld-2.0 propagation

Check for valid length before copying the packet filter data from
userspace buffer to kernel space buffer to avoid buffer overflow
issue.

Bug: 26754117
Change-Id: I8d25a9d1b6909b6dda7a1d2aa80407ef2da821aa
Signed-off-by: Yuan Lin <yualin@google.com>
This commit is contained in:
Mahesh A Saptasagar 2016-03-24 00:10:56 -07:00 committed by Yuan Lin
parent 34953f9f66
commit 243408ceb8
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
View file

@ -5562,6 +5562,9 @@ int wlan_hdd_set_filter(hdd_context_t *pHddCtx, tpPacketFilterCfg pRequest,
hddLog(VOS_TRACE_LEVEL_INFO, "Data Offset %d Data Len %d\n",
pRequest->paramsData[i].dataOffset, pRequest->paramsData[i].dataLength);
if ((sizeof(packetFilterSetReq.paramsData[i].compareData)) <
(pRequest->paramsData[i].dataLength))
return -EINVAL;
memcpy(&packetFilterSetReq.paramsData[i].compareData,
pRequest->paramsData[i].compareData, pRequest->paramsData[i].dataLength);