Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity

qcacld-2.0: Add a NULL check on channels in IOCTL SETROAMSCANCHANNELS 

qcacld-3.0 to qcacld-2.0 propagation

User sends driver a list of roaming scan channels to set through IOCTL
SETROAMSCANCHANNELS. The parameters include the number of elements in
the array, followed by channel array and then a NULL character. But
when driver loops through the channel array it doesn't have a NULL
check. An erroneous number of elements passed by user may cause buffer
overread.

Add a NULL check on channels passed in IOCTL SETROAMSCANCHANNELS.

Change-Id: I7342aa5cf8e5267b7ed06a4e35b1ed882fb97893
CRs-Fixed: 2257064
This commit is contained in:
Nachiket Kukade 2018-06-08 15:36:47 +05:30 committed by syphyr
parent 0834b88e7d
commit 81c61e122f
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/net/wireless/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c
View File

@ -2853,6 +2853,14 @@ hdd_parse_set_roam_scan_channels_v2(hdd_adapter_t *pAdapter,
for (i = 0; i < num_chan; i++) {
channel = *value++;
if (!channel) {
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
"%s: Channels end at index %d, expected %d",
__func__, i, num_chan);
ret = -EINVAL;
goto exit;
}
if (channel > WNI_CFG_CURRENT_CHANNEL_STAMAX) {
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
"%s: index %d invalid channel %d", __func__, i, channel);