Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity

qcacld-2.0: Avoid possible buffer over-read in wma_wow_wakeup_host_event 

Propagation from qcacld-3.0 to qcacld-2.0

Check for the minimum allowed data that can be written into
the buffer param_buf->num_wow_packet_buffer  in the function
wma_process_utf_event.

Change-Id: I8b83bc973fd6f0d7ad9e421a387ce3f03d6b6939
CRs-Fixed: 2379462
This commit is contained in:
bings 2019-01-11 14:14:43 +08:00 committed by syphyr
parent 335822d09c
commit 26bf2356b5
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
drivers/net/wireless/qcacld-2.0/CORE/SERVICES/WMA/wma.c
View File

@ -20732,6 +20732,11 @@ static int wma_wow_wakeup_host_event(void *handle, u_int8_t *event,
vos_event_set(&wma->wma_resume_event);
if (param_buf->wow_packet_buffer) {
if (param_buf->num_wow_packet_buffer <= 4) {
WMA_LOGE("Invalid wow packet buffer from firmware %u",
param_buf->num_wow_packet_buffer);
return -EINVAL;
}
wow_buf_pkt_len = *(uint32_t *)param_buf->wow_packet_buffer;
if (wow_buf_pkt_len > (param_buf->num_wow_packet_buffer - 4)) {
WMA_LOGE("Invalid wow buf pkt len from firmware, wow_buf_pkt_len: %u, num_wow_packet_buffer: %u",