In the function lim_process_set_default_scan_ie_request, memory of MAX_DEFAULT_SCAN_IE_LEN (2048) is allocated for local_ie_buf. This local_ie_buf accommodates the ie data and also the ext capabilities. If the local_ie_len that is used to copy the ie_data to local_ie_buf is greater than MAX_DEFAULT_SCAN_IE_LEN (2048) - (DOT11F_IE_EXTCAP_MAX_LEN (15) + EXT_CAP_IE_HDR_LEN (2)), then a heap overflow could occur.

Validate the MAX_DEFAULT_SCAN_IE_LEN against the difference between MAX_DEFAULT_SCAN_IE_LEN and the sum of EXT_CAP_IE_HDR_LEN and DOT11F_IE_EXTCAP_MAX_LEN.

Change-Id: Id2f950440d69ddb09090643f8a426061c0d336c3
CRs-Fixed: 2231300
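The length check described in the commit message, as an added example that is not the driver's own code. The constants use the values quoted above; the helper build_default_scan_ie, the macro MAX_IE_DATA_LEN and the element-ID constant name are hypothetical, and calloc stands in for the driver's allocator.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Sizes as stated in the commit message. */
#define MAX_DEFAULT_SCAN_IE_LEN   2048
#define DOT11F_IE_EXTCAP_MAX_LEN  15
#define EXT_CAP_IE_HDR_LEN        2
#define EXT_CAP_EID               127 /* 802.11 Extended Capabilities element ID */

/* Largest ie_data length that still leaves room for a full ext cap IE. */
#define MAX_IE_DATA_LEN (MAX_DEFAULT_SCAN_IE_LEN - \
                         (DOT11F_IE_EXTCAP_MAX_LEN + EXT_CAP_IE_HDR_LEN))

/*
 * Hypothetical helper: copy ie_data into a freshly allocated buffer of
 * MAX_DEFAULT_SCAN_IE_LEN bytes and append an ext cap IE after it.
 * Returns the total length written, or -1 when the input is rejected.
 * On success *out owns the buffer and the caller frees it.
 */
int build_default_scan_ie(const uint8_t *ie_data, size_t ie_len,
                          const uint8_t *ext_cap, size_t ext_cap_len,
                          uint8_t **out)
{
    uint8_t *buf;

    *out = NULL;
    /* Reject before copying: ie_data must leave room for the ext cap IE. */
    if (ie_len > MAX_IE_DATA_LEN)
        return -1;
    /* The appended element must respect its own maximum as well. */
    if (ext_cap_len > DOT11F_IE_EXTCAP_MAX_LEN)
        return -1;

    buf = calloc(1, MAX_DEFAULT_SCAN_IE_LEN);
    if (!buf)
        return -1;

    memcpy(buf, ie_data, ie_len);
    buf[ie_len] = EXT_CAP_EID;               /* IE header: element ID */
    buf[ie_len + 1] = (uint8_t)ext_cap_len;  /* IE header: length */
    memcpy(buf + ie_len + EXT_CAP_IE_HDR_LEN, ext_cap, ext_cap_len);

    *out = buf;
    return (int)(ie_len + EXT_CAP_IE_HDR_LEN + ext_cap_len);
}
```

With these values the largest accepted ie_len is 2031 bytes; one byte more would let the appended element run past the end of the 2048-byte allocation.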