mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
44 lines
1.5 KiB
Diff
44 lines
1.5 KiB
Diff
From 2c8961821b7691a95cbf5ecc6996e8229d6d5303 Mon Sep 17 00:00:00 2001
|
|
From: Arun Khandavalli <akhandav@qti.qualcomm.com>
|
|
Date: Mon, 9 Nov 2015 10:28:18 +0530
|
|
Subject: wlan: validate essid length before processing scan req
|
|
|
|
Presently we are not validating the length of the essid received
|
|
and directly copying the buffer without size checking.
|
|
Perform bound checking before processing the scan req.
|
|
|
|
Change-Id: I786e4feb67bf039df3d217138a412da54f51787d
|
|
CRs-fixed: 890228
|
|
---
|
|
CORE/HDD/src/wlan_hdd_scan.c | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/CORE/HDD/src/wlan_hdd_scan.c b/CORE/HDD/src/wlan_hdd_scan.c
|
|
index 8d3fa84..709fdec 100644
|
|
--- a/CORE/HDD/src/wlan_hdd_scan.c
|
|
+++ b/CORE/HDD/src/wlan_hdd_scan.c
|
|
@@ -740,7 +740,8 @@ int __iw_set_scan(struct net_device *dev, struct iw_request_info *info,
|
|
|
|
if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
|
|
|
|
- if(scanReq->essid_len) {
|
|
+ if(scanReq->essid_len &&
|
|
+ (scanReq->essid_len <= SIR_MAC_MAX_SSID_LENGTH)) {
|
|
scanRequest.SSIDs.numOfSSIDs = 1;
|
|
scanRequest.SSIDs.SSIDList =( tCsrSSIDInfo *)vos_mem_malloc(sizeof(tCsrSSIDInfo));
|
|
if(scanRequest.SSIDs.SSIDList) {
|
|
@@ -754,6 +755,10 @@ int __iw_set_scan(struct net_device *dev, struct iw_request_info *info,
|
|
VOS_ASSERT(0);
|
|
}
|
|
}
|
|
+ else
|
|
+ {
|
|
+ hddLog(LOGE, FL("Invalid essid length : %d"), scanReq->essid_len);
|
|
+ }
|
|
}
|
|
|
|
/* set min and max channel time */
|
|
--
|
|
cgit v1.1
|
|
|