commit 0ed8dbf042a7b00ad9efa10d1f6a945b1423682f
author Vinay Gannevaram <quic_vganneva@quicinc.com> Mon Jan 20 13:20:30 2020 +0530
committer Sunil Ravi <sunilravi@google.com> Thu Mar 05 16:36:12 2020 -0800
tree 056c465e86693df2431769f5a68be6891874d8ac
parent 0a1b211537405d3a1d64ae9a1d6feee58262a41f

qcwcn: Heap-buffer-overflow in register_monitor_sock() of wifi hal

This changes is to avoid the buffer-overflow in register_monitor_sock()
where "nreg->monsock" is getting filled with the data of length
"ctrl_msg->monsock_len" without the validation of length. Address this
issue by have a length check done before filling the buffer.

Bug: 149836664
Test: Manual - Basic wifi sanity test
CRs-Fixed: 2604404
Change-Id: I36b7ac274bd4f92eceabd5bd6534c73ae5a9ae73
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>