commit | ccffcbea041fbdc80d7915fb21fdc5555d584e6f | [log] [tgz] |
---|---|---|
author | Khanjan Desai <khanjan@codeaurora.org> | Mon Jan 20 14:31:32 2020 +0530 |
committer | Gerrit - the friendly Code Review server <code-review@localhost> | Mon Jan 20 06:02:17 2020 -0800 |
tree | 00ac651028945e27becfe395003f2bfc5f2752b9 | |
parent | cd1d91d93f36a80c4d489ac6c08cef2766e3f081 [diff] |
Heap-buffer-overflow in send_nl_data() of wifi hal In send_nl_data() function, the size of ctrl_msg can be greater than size of nl_msg structure. This can cause buffer overload due to out-of bound write in nl_msg->nm_nlh. Added a check for length of ctrl_msg to avoid the out-of-bound write. CRs-Fixed: 2605058 Change-Id: I73032dac6ce2f2e9ee7ede18b45b11a2b3f92053