Commit b56533c3 authored by Khanjan Desai's avatar Khanjan Desai
Browse files

Heap-buffer-overflow in send_nl_data() of wifi hal 

In send_nl_data() function, the size of ctrl_msg can
be greater than size of nl_msg structure. This can
cause buffer overload due to out-of bound write in
nl_msg->nm_nlh. Added a check for length of ctrl_msg
to avoid the out-of-bound write.

CRs-Fixed: 2605058
Change-Id: I73032dac6ce2f2e9ee7ede18b45b11a2b3f92053
parent d25e97aa
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment