lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Kernel Tree For Xiaomi 11 Lite NE 5G
10,151 Commits 2 Branches 0 Tags 5.2 GiB
C 98.1%
Assembly 1.1%
Makefile 0.3%
Shell 0.2%
Python 0.1%
9b7a116a9a
Go to file
Pragaspathi Thilagaraj 9b7a116a9a qcacld-3.0: Fix possible integer overflow in lim 
In the function lim_process_sme_update_access_policy_vendor_ie,
update_vendor_ie is parsed from the incomming msg. num_bytes is
the length of the IE and is retrived as
update_vendor_ie->ie[1]+2. This num_bytes value is used as the
size to copy the IE to pe_session_entry->access_policy_vendor_ie
The update_vendor_ie->ie[1] can have a maximum value of
SIR_MAC_MAX_IE_LENGTH . As the num_bytes is of uint8_t,a
possible integer overflow can occur in
lim_process_sme_update_access_policy_vendor_ie when num_bytes is
assigned with update_vendor_ie->ie[1].

Change the data type of the num_bytes to uint16_t so that it can
hold the value of update_vendor_ie->ie[1] without truncation.

Change-Id: I05c7e83a741bf1c9c0707be51f97eae9eff1ac97
CRs-Fixed: 2235044
2018-05-16 08:36:00 -07:00
components qcacld-3.0: Refine WLAN IPA event record 2018-05-15 13:54:21 -07:00
core qcacld-3.0: Fix possible integer overflow in lim 2018-05-16 08:36:00 -07:00
uapi/linux qcacld-3.0: uapi: Remove legacy markings 2018-04-24 14:48:24 -07:00
Android.mk qcacld-3.0: Correct symbolic link for wlan.ko 2017-08-06 05:00:09 -07:00
Kbuild qcacld-3.0: Change WLAN_FEATURE_HDD_MEMDUMP_ENABLE 2018-05-15 10:05:40 -07:00
Kconfig qcacld-3.0: Remove obsolete CONFIG_PRIMA_WLAN_11AC_HIGH_TP 2018-04-11 03:37:50 -07:00
Makefile qcacld-3.0: Allow out-of-tree build with relative path in M 2018-02-09 11:33:09 -08:00
README.txt

README.txt 

This is CNSS WLAN Host Driver for products starting from iHelium