android_kernel_xiaomi_sm8350/core
Pragaspathi Thilagaraj 6cf025f727 qcacld-3.0: Fix possible heap overflow in lim_update_ext_cap_ie
In the function lim_process_set_default_scan_ie_request, memory
of MAX_DEFAULT_SCAN_IE_LEN (2048) is allocated for local_ie_buf.
This local_ie_buf accommodates the ie data and also the ext
capabilities. If the local_ie_len that is used to copy the
ie_data to local_ie_buf is greater than
MAX_DEFAULT_SCAN_IE_LEN (2048) - (DOT11F_IE_EXTCAP_MAX_LEN (15) +
EXT_CAP_IE_HDR_LEN (2)), then a heap overflow could occur.

Validate the MAX_DEFAULT_SCAN_IE_LEN against the difference
between MAX_DEFAULT_SCAN_IE_LEN and the sum of EXT_CAP_IE_HDR_LEN
and DOT11F_IE_EXTCAP_MAX_LEN.

Change-Id: Id2f950440d69ddb09090643f8a426061c0d336c3
CRs-Fixed: 2231300
2018-06-28 03:11:05 -07:00
bmi qcacld-3.0: Abstract SDIO block size 2018-06-25 04:55:52 -07:00
cds qcacld-3.0: Pass correct pointer type to mac_open() 2018-06-27 18:58:38 -07:00
dp qcacld-3.0: Return supported max tx groups for all HIFs 2018-06-28 03:11:01 -07:00
hdd qcacld-3.0: Skip CAC and ignore radar indication for SAP 2018-06-28 03:10:54 -07:00
mac qcacld-3.0: Fix possible heap overflow in lim_update_ext_cap_ie 2018-06-28 03:11:05 -07:00
pld qcacld-3.0: Fix compilation error to enable genoa pcie 2018-06-27 02:11:24 -07:00
sap qcacld-3.0: Skip CAC and ignore radar indication for SAP 2018-06-28 03:10:54 -07:00
sme qcacld-3.0: Set disconnection in progress after starting disconnect 2018-06-27 22:16:37 -07:00
wma qcacld-3.0: Fix compilation error for LE targets 2018-06-28 03:10:51 -07:00