Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 579e796c authored by Anand Kumar's avatar Anand Kumar
Browse files

wcnss: Avoid user buffer overloading for write cal data 



compare size of allocated cal data buffer from heap
and count bytes provided to write by user to avoid
heap overflow for write cal data.

Change-Id: Id70c3230f761385489e5e94c613f4519239dfb1f
CRs-Fixed: 1032174
Signed-off-by: default avatarAnand Kumar <anandkumar@codeaurora.org>
parent 450bd44d

drivers/net/wireless/wcnss/wcnss_wlan.c

+1 −1
Original line number Diff line number Diff line
@@ -3339,7 +3339,7 @@ static ssize_t wcnss_wlan_write(struct file *fp, const char __user 
		return -EFAULT;



	if ((UINT32_MAX - count < penv->user_cal_rcvd) ||

	     MAX_CALIBRATED_DATA_SIZE < count + penv->user_cal_rcvd) {

		(penv->user_cal_exp_size < count + penv->user_cal_rcvd)) {

		pr_err(DEVICE " invalid size to write %zu\n", count +

				penv->user_cal_rcvd);

		rc = -ENOMEM;