Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit ebfb0654 authored by Rajeev Kumar Sirasanagandla's avatar Rajeev Kumar Sirasanagandla Committed by nshrivas
Browse files

qcacld-3.0: Avoid info leak in spectral scan handler 

In __spectral_scan_msg_handler(), payload section of input data is
type casted to driver internal structure spectral_scan_msg without
validating payload length which can lead to kernel info leak
if the payload length is less than size of spectral_scan_msg.

To fix this, avoid type-cast and return error if payload length is
less than size of spectral_scan_msg.

Change-Id: Ie7e74cc2cdcf8136582e81ffc3a088fd5a881dc9
CRs-Fixed: 2468493
parent 9047bc68
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment