lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3566823ebe
android_kernel_xiaomi_sm8350/core
History
Dundi Raviteja 3566823ebe qcacld-3.0: OOB read while processing extscan change results 
In function wma_extscan_change_results_event_handler(), numResults
in dest_chglist is assigning as total_entries in the event, but the
memory allocated to dest_chglist is based on the numap variable,
which may cause out of buffer read in extscan indication callback
function wlan_hdd_cfg80211_extscan_signif_wifi_change_results_ind().

Also tSirWifiSignificantChange array parsing in both the functions
is not efficient which may lead to accessing unallocated memory.

To address out of buffer read, assign numap to numResults in
dest_chglist and to address accessing of unallocated memory,
parse tSirWifiSignificantChange array with efficient logic.

Change-Id: Ia0c287147e80e17de84fe6b1cb83c8e3c29a1fa0
CRs-Fixed: 2253396
2018-07-03 13:42:14 -07:00
..
bmi qcacld-3.0: Abstract SDIO block size 2018-06-25 04:55:52 -07:00
cds qcacld-3.0: Add CPU mask INI option for Rx_thread affinity 2018-07-02 12:23:20 -07:00
dp qcacld-3.0: Add CDP API to set key in data path 2018-07-02 16:08:48 -07:00
hdd qcacld-3.0: OOB read while processing extscan change results 2018-07-03 13:42:14 -07:00
mac Release 5.2.0.86T 2018-07-03 05:07:11 -07:00
pld qcacld-3.0: Update soc info by structure member 2018-06-29 07:12:34 -07:00
sap qcacld-3.0: Check for beacon channel in ACS channel list correctly 2018-07-03 06:38:18 -07:00
sme qcacld-3.0: Revert "qcacld-3.0:Fix the IOT issue with TxBF CSN value" 2018-07-02 08:45:39 -07:00
wma qcacld-3.0: OOB read while processing extscan change results 2018-07-03 13:42:14 -07:00