qcacld-2.0: Fix buffer overflow in fill_ieee80211_hdr_data

CV: Propagate from qcacld3.0 to qcacld2.0:
- fill_ieee80211_hdr_data doesn't exist, it's just a code snippet inside
  process_tx_info.
- pl_msdu_info->num_msdu -> pl_msdu_info.num_msdu.
- QDF_TRACE -> adf_os_print.
- qdf_assert -> adf_os_assert.

Currently variable pl_msdu_info->num_msdu is from message, and
is used directly as array size. This may cause buffer overflow.

To address this issue add qdf_assert check.

Change-Id: Ice78633314b321243136ce4987c633e1201d3cb8
CRs-Fixed: 2187441
Signed-off-by: Corinna Vinschen <xda@vinschen.de>
Alok Kumar 2019-12-03 16:59:11 +01:00 committed by L R
parent 266819e84c
commit 38a292f25a
1 changed files with 5 additions and 0 deletions

@ -407,6 +407,11 @@ process_tx_info(struct ol_txrx_pdev_t *txrx_pdev,
sizeof(uint32_t);
log_size = sizeof(pl_msdu_info.priv);
if (pl_msdu_info.num_msdu > MAX_PKT_INFO_MSDU_ID) {
adf_os_print("Invalid num_msdu count in %s\n", __func__);
adf_os_assert(0);
return A_ERROR;
}
for (i = 0; i < pl_msdu_info.num_msdu; i++) {
/*
* Handle big endianess
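
Review bot: In the new bounds check, adf_os_assert(0) fires on a value the commit message says comes from a message, so in any build where adf_os_assert halts, a bad num_msdu becomes a crash and the return A_ERROR on the next line is never reached. Consider dropping the assert and keeping only the adf_os_print plus return A_ERROR, so malformed input is rejected without taking the system down. It is also worth confirming that the array indexed in the following loop holds at least MAX_PKT_INFO_MSDU_ID elements: the check uses >, so num_msdu == MAX_PKT_INFO_MSDU_ID is still accepted, and the array declaration is not visible in this hunk.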