net: wireless: bcmdhd: fix buffer overrun in ePNOCommand
Insun Song [Wed, 1 Feb 2017 04:44:48 +0000 (20:44 -0800)]
added boundary check not to override allocated buffer.

Change-Id: Ia52e29adf282cace8f3a66e1a9e80eb375aa1629
Signed-off-by: Insun Song <insun.song@broadcom.com>
Bug: 32475556

bcmdhd/wifi_hal/gscan.cpp

index 620fbe4..cd61d5a 100644 (file)
@@ -1174,6 +1174,10 @@ public:
         }
     }
     int createSetupRequest(WifiRequest& request) {
+        if (epno_params.num_networks > MAX_EPNO_NETWORKS) {
+            ALOGE("wrong epno num_networks:%d", epno_params.num_networks);
+            return WIFI_ERROR_INVALID_ARGS;
+        }
         int result = request.create(GOOGLE_OUI, GSCAN_SUBCMD_SET_EPNO_SSID);
         if (result < 0) {
             return result;