Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit b2863218 authored by abhinav kumar's avatar abhinav kumar Committed by Gerrit - the friendly Code Review server
Browse files

qcacmn: Possible Integer overflow in wifi_pos_oem_rsp_handler 

API "target_if_wifi_pos_oem_rsp_ev_handler" is the handler for
the event with WMI_OEM_RESPONSE_EVENTID. Host receives
"rsp->dma_len" from fw. The integer overflow occurs if
"oem_rsp->dma_len" is big enough while calculating the total
length of the Oem Data response buffer.

Fix is to add a sanity check for rsp->dma_len to avoid integer
overflow.

Change-Id: Idfbd358f62534eae0147f03505ced5728877a269
CRs-Fixed: 3001191
parent 31a65aec
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment