Commit 0a1b2115 authored Jan 20, 2020 by Vinay Gannevaram Committed by Sunil Ravi Mar 05, 2020

Heap-buffer-overflow in send_nl_data() of wifi hal



In send_nl_data() function, the size of ctrl_msg can
be greater than size of nl_msg structure. This can
cause buffer overload due to out-of bound write in
nl_msg->nm_nlh. Added a check for length of ctrl_msg
to avoid the out-of-bound write.

Bug: 149836664
Test: Manual - Basic wifi sanity test
CRs-Fixed: 2605058
Change-Id: I73032dac6ce2f2e9ee7ede18b45b11a2b3f92053
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>

parent f2edcbeb

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 72812f3a
· May 22, 2026

mentioned in commit 72812f3a

mentioned in commit 72812f3a8376dce293388bc1ddd1e515396840cc

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 465cd5f4
· May 22, 2026

mentioned in commit 465cd5f4

mentioned in commit 465cd5f42ab59251e8e019487be58fa6474dad49

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 6494cd2c
· May 22, 2026

mentioned in commit 6494cd2c

mentioned in commit 6494cd2ca1c1f0417f6aaf7f47e79789dc2df7a8

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 0f79b1b3
· May 22, 2026

mentioned in commit 0f79b1b3

mentioned in commit 0f79b1b3597919c0ab83a8b841898945b744ab19

Toggle commit list

Please to comment