qcacld-2.0: Avoid possible buffer over-read in wma_wow_wakeup_host_event
Propagation from qcacld-3.0 to qcacld-2.0 Check for the minimum allowed data that can be written into the buffer param_buf->num_wow_packet_buffer in the function wma_process_utf_event. Change-Id: I8b83bc973fd6f0d7ad9e421a387ce3f03d6b6939 CRs-Fixed: 2379462
This commit is contained in:
parent
335822d09c
commit
26bf2356b5
|
@ -20732,6 +20732,11 @@ static int wma_wow_wakeup_host_event(void *handle, u_int8_t *event,
|
|||
|
||||
vos_event_set(&wma->wma_resume_event);
|
||||
if (param_buf->wow_packet_buffer) {
|
||||
if (param_buf->num_wow_packet_buffer <= 4) {
|
||||
WMA_LOGE("Invalid wow packet buffer from firmware %u",
|
||||
param_buf->num_wow_packet_buffer);
|
||||
return -EINVAL;
|
||||
}
|
||||
wow_buf_pkt_len = *(uint32_t *)param_buf->wow_packet_buffer;
|
||||
if (wow_buf_pkt_len > (param_buf->num_wow_packet_buffer - 4)) {
|
||||
WMA_LOGE("Invalid wow buf pkt len from firmware, wow_buf_pkt_len: %u, num_wow_packet_buffer: %u",
|
||||
|
|
Loading…
Reference in New Issue