qcacld 2.0: Prevent buffer overflow in QCSAP_IOCTL_VERSION

The QCSAP_IOCTL_VERSION IOCTL is registered with a maximum GET buffer length of QCSAP_MAX_SC_IE = 256 bytes. But while filling buffer, Host allows to fill till WE_MAX_STR_LEN which may lead to buffer overflow. As a part of this fix, Host ensure to register with maximum WE_MAX_STR_LEN buffer length. Change-Id: I5ba0268e978c7ddadabc96a4eba18140ff7db3c6 CRs-Fixed: 1001142
2016-05-24 22:03:51 +05:30 · 2016-05-24 22:03:51 +05:30 · ac01a8aebe
parent 4bd5bf3fd5
commit ac01a8aebe
1 changed files with 1 additions and 1 deletions
--- a/drivers/net/wireless/qcacld-2.0/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/drivers/net/wireless/qcacld-2.0/CORE/HDD/src/wlan_hdd_hostapd.c
@ -6322,7 +6322,7 @@ static const struct iw_priv_args hostapd_private_args[] = {
  { QCSAP_IOCTL_STOPBSS,
      IW_PRIV_TYPE_BYTE | IW_PRIV_SIZE_FIXED, 0, "stopbss" },
  { QCSAP_IOCTL_VERSION, 0,
-      IW_PRIV_TYPE_CHAR | QCSAP_MAX_WSC_IE, "version" },
+      IW_PRIV_TYPE_CHAR | WE_MAX_STR_LEN, "version" },
  { QCSAP_IOCTL_GET_STA_INFO, 0,
      IW_PRIV_TYPE_CHAR | WE_SAP_MAX_STA_INFO, "get_sta_info" },
  { QCSAP_IOCTL_GET_WPS_PBC_PROBE_REQ_IES,