
Commit 7ad7bf89, authored by Pragaspathi Thilagaraj, committed by snandini

qcacmn: Fix possible OOB access while sending ext stats request

In 32-bit systems, currently there is possible OOB access in
send_stats_ext_req_cmd_tlv() if preq->request_data_len is
uint32_t max and len is also of type uint32_t.

Fix possible OOB access while sending ext stats request message
to firmware by validating the requested data length against the
difference between wmi max message size (WMI_SVC_MSG_MAX_SIZE),
size of the wmi command fixed param and wmi tlv header size
WMI_TLV_HDR_SIZE.

Change-Id: I769c9a6b7c0e0f76e2ec1070cac6c69768816454
CRs-Fixed: 2724256
parent 4c39495a
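
The wrap-around and the bound check described in the commit message, as an added illustration that is not code from this commit or from the qcacmn project. The numeric values of `WMI_SVC_MSG_MAX_SIZE` and `WMI_TLV_HDR_SIZE`, the hypothetical `FIXED_PARAM_SIZE`, and the shape of the length computation are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; the real definitions are in the driver headers. */
#define WMI_SVC_MSG_MAX_SIZE 1536u /* assumed */
#define WMI_TLV_HDR_SIZE     4u    /* assumed */
#define FIXED_PARAM_SIZE     24u   /* hypothetical sizeof() of the command's fixed param */

/* Unchecked total length held in a uint32_t: the addition wraps modulo 2^32. */
static uint32_t unchecked_len(uint32_t request_data_len)
{
    return (uint32_t)(FIXED_PARAM_SIZE + WMI_TLV_HDR_SIZE + request_data_len);
}

/*
 * Bound check in the form the commit message describes: compare the requested
 * data length against (max message size - fixed param size - TLV header size).
 * The subtraction uses constants only, so the comparison itself cannot wrap.
 * Returns 0 and stores the total length on success, -1 when the request is rejected.
 */
static int checked_len(uint32_t request_data_len, uint32_t *len)
{
    const uint32_t max_data =
        WMI_SVC_MSG_MAX_SIZE - FIXED_PARAM_SIZE - WMI_TLV_HDR_SIZE;

    if (request_data_len > max_data)
        return -1;

    *len = FIXED_PARAM_SIZE + WMI_TLV_HDR_SIZE + request_data_len;
    return 0;
}

int main(void)
{
    uint32_t len = 0;

    /* With request_data_len == UINT32_MAX the total wraps to a value smaller
     * than the header alone, so a buffer sized from it is far too small for
     * a copy of request_data_len bytes. */
    printf("unchecked total: %u\n", (unsigned)unchecked_len(UINT32_MAX));
    printf("checked result:  %d\n", checked_len(UINT32_MAX, &len));

    if (checked_len(1508u, &len) == 0)
        printf("largest accepted request -> total %u\n", (unsigned)len);
    return 0;
}
```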