From 41c47c76d3672de1a091b53878e1abad583b413d Mon Sep 17 00:00:00 2001 From: Srinivas Girigowda Date: Thu, 25 May 2017 15:16:36 -0700 Subject: [PATCH] qcacld-2.0: Trim extn capability to max supported in change station extn capabilities can be controlled by user, which can be sent greater than the max supported value. This results in stack overflow in change station command. Add check to validate extn capability param given by user and if it exceeds max supported value, set it to max supported value. CRs-Fixed: 2044820 Change-Id: I531799dd06c41069e85ad969de6182363dbf9f05 Bug: 36817798 Signed-off-by: Srinivas Girigowda --- drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c index 3580d2b73494b..0fd39f568de4d 100644 --- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c +++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c @@ -14887,9 +14887,16 @@ static int __wlan_hdd_change_station(struct wiphy *wiphy, StaParams.supported_oper_classes_len = params->supported_oper_classes_len; + if (params->ext_capab_len > sizeof(StaParams.extn_capability)) { + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, + "received extn capabilities: %d, reset to max supported", + params->ext_capab_len); + params->ext_capab_len = sizeof(StaParams.extn_capability); + } + if (0 != params->ext_capab_len) vos_mem_copy(StaParams.extn_capability, params->ext_capab, - sizeof(StaParams.extn_capability)); + params->ext_capab_len); if (NULL != params->ht_capa) { StaParams.htcap_present = 1;