Commit e30e3bea authored 7 years ago by Vignesh Viswanathan Committed by Siyuan Zhou 7 years ago

qcacld-2.0: Fix potential buffer overwrite in wma_vdev_start_rsp_ind


In function wma_vdev_start_rsp_ind, vdev_id is received from the FW
and is used to access wma_handle->interfaces without validating the
upper limit. If the value of vdev_id received from the FW is not
less than max_bssid, then a buffer overwrite will occur in the
function wma_vdev_start_rsp_ind.

Add sanity check to make sure vdev_id is less than max_bssid.

Bug: 72957725
Change-Id: I83e1b797ca50a7fb58519f66dde26b035a2393ce
CRs-Fixed: 2150359
Signed-off-by: Ahmed ElArabawy <arabawy@google.com>

parent 4aa4f272

No related branches found

No related tags found

No related merge requests found

Show whitespace changes

Inline Side-by-side

Showing with 19 additions and 13 deletions

Please register or to comment