wlan: Address buffer overflow due to invalid length

Check for valid length before copying the packet filter data from userspace buffer to kernel space buffer to avoid buffer overflow issue. Change-Id: I9548727543b903b5eaafa25c6184615d511ca99d CRs-Fixed: 930533
sonyxperiadev · Oct 28, 2015 · 4b91219 · 4b91219
1 parent fdd2b9c
commit 4b91219
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
@@ -8509,6 +8509,9 @@ int wlan_hdd_set_filter(hdd_context_t *pHddCtx, tpPacketFilterCfg pRequest,
 
                 hddLog(VOS_TRACE_LEVEL_INFO, "Data Offset %d Data Len %d",
                         pRequest->paramsData[i].dataOffset, pRequest->paramsData[i].dataLength);
+                if ((sizeof(packetFilterSetReq.paramsData[i].compareData)) <
+                    (pRequest->paramsData[i].dataLength))
+                    return -EINVAL;
 
                 memcpy(&packetFilterSetReq.paramsData[i].compareData,
                         pRequest->paramsData[i].compareData, pRequest->paramsData[i].dataLength);