mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
35 lines
1.3 KiB
Diff
35 lines
1.3 KiB
Diff
From a079d716b5481223f0166c644e9ec7c75a31b02c Mon Sep 17 00:00:00 2001
|
|
From: Mahesh A Saptasagar <c_msapta@qti.qualcomm.com>
|
|
Date: Tue, 27 Oct 2015 19:25:49 +0530
|
|
Subject: qcacld 2.0: Address buffer overflow due to invalid length
|
|
|
|
prima to qcacld-2.0 propagation
|
|
|
|
Check for valid length before copying the packet filter data from
|
|
userspace buffer to kernel space buffer to avoid buffer overflow
|
|
issue.
|
|
|
|
Change-Id: I9548727543b903b5eaafa25c6184615d511ca99d
|
|
CRs-Fixed: 930533
|
|
---
|
|
CORE/HDD/src/wlan_hdd_wext.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
|
|
index 91809f8..668cd1d 100644
|
|
--- a/CORE/HDD/src/wlan_hdd_wext.c
|
|
+++ b/CORE/HDD/src/wlan_hdd_wext.c
|
|
@@ -9741,6 +9741,9 @@ int wlan_hdd_set_filter(hdd_context_t *pHddCtx, tpPacketFilterCfg pRequest,
|
|
|
|
hddLog(VOS_TRACE_LEVEL_INFO, "Data Offset %d Data Len %d",
|
|
pRequest->paramsData[i].dataOffset, pRequest->paramsData[i].dataLength);
|
|
+ if ((sizeof(packetFilterSetReq.paramsData[i].compareData)) <
|
|
+ (pRequest->paramsData[i].dataLength))
|
|
+ return -EINVAL;
|
|
|
|
memcpy(&packetFilterSetReq.paramsData[i].compareData,
|
|
pRequest->paramsData[i].compareData, pRequest->paramsData[i].dataLength);
|
|
--
|
|
cgit v1.1
|
|
|