Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / quic / qsdk / wifi / qca-wifi-oss / d7b4847bee824c2565323f9c376232975538afeb
commitd7b4847bee824c2565323f9c376232975538afeb[log] [tgz]
authorRajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>Tue Oct 23 16:00:11 2018 +0530
committernshrivas <nshrivas@codeaurora.org>Tue Oct 30 06:29:39 2018 -0700
tree1dbcb44a091bc4cc71cdbf0da139092f502abfaa
parent78b6ac9ceccfe926781374026cc748f8d9047c2d [diff]
qcacmn: Avoid buffer overflow in roam scan stats extract handler

In extract_roam_scan_stats_res_evt_tlv(), there is potential
buffer-overflow due to no input validation of following event
parameters from firmware:
(a) Roam scan frequencies against maximum value of 50
(WMI_ROAM_SCAN_STATS_CHANNELS_MAX) and
(b) Roam scan candidates against maximum value of 4
(WMI_ROAM_SCAN_STATS_CANDIDATES_MAX)

To fix this, validate roam scan stats event parameters.

Change-Id: I866b492f7ccb48c4960ff25a9e817cbdb394509e
CRs-Fixed: 2335530
1 file changed
tree: 1dbcb44a091bc4cc71cdbf0da139092f502abfaa
  1. wmi_tlv_helper.c
  2. wmi_tlv_platform.c
  3. wmi_unified.c
  4. wmi_unified_action_oui_tlv.c
  5. wmi_unified_ap_api.c
  6. wmi_unified_ap_tlv.c
  7. wmi_unified_apf_tlv.c
  8. wmi_unified_api.c
  9. wmi_unified_atf_api.c
  10. wmi_unified_atf_tlv.c
  11. wmi_unified_concurrency_api.c
  12. wmi_unified_concurrency_tlv.c
  13. wmi_unified_dbr_api.c
  14. wmi_unified_dbr_tlv.c
  15. wmi_unified_dfs_api.c
  16. wmi_unified_extscan_api.c
  17. wmi_unified_extscan_tlv.c
  18. wmi_unified_nan_api.c
  19. wmi_unified_nan_tlv.c
  20. wmi_unified_non_tlv.c
  21. wmi_unified_ocb_api.c
  22. wmi_unified_ocb_tlv.c
  23. wmi_unified_ocb_ut.c
  24. wmi_unified_p2p_api.c
  25. wmi_unified_p2p_tlv.c
  26. wmi_unified_pmo_api.c
  27. wmi_unified_pmo_tlv.c
  28. wmi_unified_reg_api.c
  29. wmi_unified_roam_api.c
  30. wmi_unified_roam_tlv.c
  31. wmi_unified_smart_ant_api.c
  32. wmi_unified_smart_ant_tlv.c
  33. wmi_unified_sta_api.c
  34. wmi_unified_sta_tlv.c
  35. wmi_unified_tlv.c
  36. wmi_unified_twt_api.c
  37. wmi_unified_twt_tlv.c