mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
28 lines
1005 B
Diff
28 lines
1005 B
Diff
|
From 4b29d0111186ebef75a9af7da8257697386ac4a4 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Insun Song <insun.song@broadcom.com>
|
||
|
|
Date: Wed, 25 Jan 2017 11:41:49 -0800
|
||
|
|
Subject: [PATCH] net: wireless: bcmdhd: fix buffer overrun in wlfc reordering
|
||
|
|
|
||
|
|
added boundary check not to override allocated buffer
|
||
|
|
|
||
|
|
Signed-off-by: Insun Song <insun.song@broadcom.com>
|
||
|
|
Change-Id: Iad44141ba4e4cd224eda292c05ffe525bf74227d
|
||
|
|
Bug: 34203305
|
||
|
|
---
|
||
|
|
drivers/net/wireless/bcmdhd/dhd_wlfc.c | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/drivers/net/wireless/bcmdhd/dhd_wlfc.c b/drivers/net/wireless/bcmdhd/dhd_wlfc.c
|
||
|
|
index 741ebc8642275..3b9cfe85f7635 100644
|
||
|
|
--- a/drivers/net/wireless/bcmdhd/dhd_wlfc.c
|
||
|
|
+++ b/drivers/net/wireless/bcmdhd/dhd_wlfc.c
|
||
|
|
@@ -2458,7 +2458,7 @@ static void
|
||
|
|
_dhd_wlfc_reorderinfo_indicate(uint8 *val, uint8 len, uchar *info_buf, uint *info_len)
|
||
|
|
{
|
||
|
|
if (info_len) {
|
||
|
|
- if (info_buf) {
|
||
|
|
+ if (info_buf && (len <= WLHOST_REORDERDATA_TOTLEN)) {
|
||
|
|
bcopy(val, info_buf, len);
|
||
|
|
*info_len = len;
|
||
|
|
}
|