Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit d2b69409 authored by Rajeev Kumar Sirasanagandla's avatar Rajeev Kumar Sirasanagandla Committed by nshrivas
Browse files

qcacmn: Fix possible overread in wifi_pos_parse_req 

In wifi_pos_parse_req(), payload sections of nl attributes ATTR_DATA and
ATTR_META_DATA are type casted to driver internal structures tAniMsgHdr
and wifi_pos_field_info respectively without validating payload lengths
which can lead to buffer overread if the payload lengths are less than
size of internal structures.

To fix this, avoid type-cast and return error if payload lengths of nl
attributes ATTR_DATA and ATTR_META_DATA are less than size of tAniMsgHdr
and wifi_pos_field_info respectively.

Change-Id: Ie9e3197f2cd3852b394e834991aa8d3a5b530d85
CRs-Fixed: 2471275
parent f98a0ac7
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment