net: wireless: bcmdhd: fix buffer overrun in ePNOCommand
Added a boundary check so that the allocated buffer is not overrun.
Change-Id: Ia52e29adf282cace8f3a66e1a9e80eb375aa1629
Signed-off-by: Insun Song <insun.song@broadcom.com>
Bug: 32475556
diff --git a/bcmdhd/wifi_hal/gscan.cpp b/bcmdhd/wifi_hal/gscan.cpp
index 620fbe4..cd61d5a 100644
--- a/bcmdhd/wifi_hal/gscan.cpp
+++ b/bcmdhd/wifi_hal/gscan.cpp
@@ -1174,6 +1174,10 @@
}
}
int createSetupRequest(WifiRequest& request) {
+ if (epno_params.num_networks > MAX_EPNO_NETWORKS) {
+ ALOGE("wrong epno num_networks:%d", epno_params.num_networks);
+ return WIFI_ERROR_INVALID_ARGS;
+ }
int result = request.create(GOOGLE_OUI, GSCAN_SUBCMD_SET_EPNO_SSID);
if (result < 0) {
return result;
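Review bot: The guard added at the top of createSetupRequest rejects only counts above MAX_EPNO_NETWORKS. The `%d` in the ALOGE call suggests num_networks may be a signed int, and if so a negative count would pass the check. If the field is signed, the condition could read `if (epno_params.num_networks < 0 || epno_params.num_networks > MAX_EPNO_NETWORKS) {`. The check also runs only when the request is built, so the code that fills epno_params from the caller's input (not visible in this hunk) should be confirmed to bound its copy as well. The body of createSetupRequest continues outside the hunk.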