qcacld-2.0: Fix buffer overflow in fill_ieee80211_hdr_data
CV: Propagate from qcacld3.0 to qcacld2.0: - fill_ieee80211_hdr_data doesn't exist, it's just a code snippet inside process_tx_info. - pl_msdu_info->num_msdu -> pl_msdu_info.num_msdu. - QDF_TRACE -> adf_os_print. - qdf_assert -> adf_os_assert. Currently the variable pl_msdu_info->num_msdu is taken from the message and is used directly as the array size. This may cause a buffer overflow. To address this issue, add a qdf_assert check. Change-Id: Ice78633314b321243136ce4987c633e1201d3cb8 CRs-Fixed: 2187441 Signed-off-by: Corinna Vinschen <xda@vinschen.de>
parent
266819e84c
commit
38a292f25a
|
@ -407,6 +407,11 @@ process_tx_info(struct ol_txrx_pdev_t *txrx_pdev,
|
|||
sizeof(uint32_t);
|
||||
log_size = sizeof(pl_msdu_info.priv);
|
||||
|
||||
if (pl_msdu_info.num_msdu > MAX_PKT_INFO_MSDU_ID) {
|
||||
adf_os_print("Invalid num_msdu count in %s\n", __func__);
|
||||
adf_os_assert(0);
|
||||
return A_ERROR;
|
||||
}
|
||||
for (i = 0; i < pl_msdu_info.num_msdu; i++) {
|
||||
/*
|
||||
* Handle big endianess
|
||||
|
|
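Review bot: The new guard in process_tx_info calls `adf_os_assert(0);` on a count that the commit message says comes straight from the message, so on any build where adf_os_assert halts the kernel (its definition is not visible here) a malformed num_msdu becomes a crash rather than a rejected record. The `return A_ERROR;` already contains the bad input, so I would drop the assert and log the offending value instead, e.g. `adf_os_print("%s: invalid num_msdu %u (max %u)\n", __func__, pl_msdu_info.num_msdu, MAX_PKT_INFO_MSDU_ID);`, with the specifiers matched to the actual types. It is also worth confirming that the array the loop fills really has MAX_PKT_INFO_MSDU_ID elements, since `>` admits a count equal to that constant. The function starts and ends outside the hunk, so whether the loop also stays within the length of the received message cannot be checked from here.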