Commit 0a1b2115 authored by Vinay Gannevaram's avatar Vinay Gannevaram Committed by Sunil Ravi
Browse files

Heap-buffer-overflow in send_nl_data() of wifi hal 



In send_nl_data() function, the size of ctrl_msg can
be greater than size of nl_msg structure. This can
cause buffer overload due to out-of bound write in
nl_msg->nm_nlh. Added a check for length of ctrl_msg
to avoid the out-of-bound write.

Bug: 149836664
Test: Manual - Basic wifi sanity test
CRs-Fixed: 2605058
Change-Id: I73032dac6ce2f2e9ee7ede18b45b11a2b3f92053
Signed-off-by: default avatarVinay Gannevaram <quic_vganneva@quicinc.com>
parent f2edcbeb
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment