Pragaspathi Thilagaraj 0008879d13 qcacld-3.0: Fix OOB write in wma_unified_debug_print_event_handler ... The routine wma_unified_debug_print_event_handler logs the data from debug print event handler. The param event data from firmware is copied to a destination buffer .If the maximum size of the data exceeds or equals BIG_ENDIAN_MAX_DEBUG_BUF for big endian hosts then possible OOB write will occur in wma_unified_debug_print_event_handler. For other hosts, OOB read could occur if datalen exceeds maximum firmware message size WMI_SVC_MAX_SIZE. Add check to validate datalen doesnot exceed the maximum firmware msg size WMI_SVC_MAX_SIZE. Return failure if it exceeds. Add check to ensure datalen doesnot exceed or equal the maximum buffer length value for big endian hosts BIG_ENDIAN_MAX_DEBUG_BUF. Invoke strlcpy instead of memcpy to ensure the string is null terminated before printed. Change-Id: I45943ae76d8fcf7b53e1f064c462d01cd6d00dcf CRs-Fixed: 2211133		2018-04-05 01:29:46 -07:00
..
inc	qcacld-3.0: Implement DHCP START/STOP indication for SAP/P2P GO	2018-03-28 21:09:07 -07:00
src	qcacld-3.0: Fix OOB write in wma_unified_debug_print_event_handler	2018-04-05 01:29:46 -07:00