qcacld-2.0: Possible OOB access in wlan_hdd_cfg80211_start_bss()

Propagation from qcacld-3.0 to qcacld-2.0

Currently in function wlan_hdd_cfg80211_start_bss(), copying
supported rates and extended rates from information element pointer
without checking for array bounds which may cause OOB access.

To address this issue, add length checks before copying supported
rates and extended rates.

Change-Id: Ic6363e97bb3498a5dd23bc5e5f9b9f3ce093509d
CRs-Fixed: 2427503
Bug: 112432329
Signed-off-by: Ahmed ElArabawy <arabawy@google.com>
CVE-2019-10566
This commit is contained in:
Min Liu 2019-04-02 12:08:04 +08:00 committed by L R
parent 140141ef9d
commit 0e4954aaa5
1 changed files with 5 additions and 0 deletions

@ -10720,6 +10720,11 @@ static void wlan_hdd_check_11gmode(u8 *pIe, u8* require_ht, u8* require_vht,
{
u8 i, num_rates = pIe[0];
if (num_rates > SIR_MAC_RATESET_EID_MAX) {
hddLog(VOS_TRACE_LEVEL_ERROR, "Invalid supported rates %d", num_rates);
return;
}
pIe += 1;
for ( i = 0; i < num_rates; i++)
{
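Review bot: the early `return` in the new `num_rates > SIR_MAC_RATESET_EID_MAX` check exits a `void` function, so the caller cannot tell a rejected element from one that was parsed, and `require_ht` / `require_vht` are left at whatever the caller initialised them to. Consider returning a status from wlan_hdd_check_11gmode() so the BSS start path can fail on a malformed rates element instead of continuing with it. The commit message names wlan_hdd_cfg80211_start_bss() and describes checks for both supported and extended rates, while the visible change is a single check inside this helper; if both elements are parsed through it, a sentence saying so in the message would make the coverage clear to later readers. Minor: `num_rates` is a `u8`, so `%u` fits the log format better than `%d`.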