qcwcn: Heap-buffer-overflow in register_monitor_sock() of wifi hal am: 0ed8dbf042

Change-Id: Id4458dba85b590cc2aed4dedf1ccfd3f93f43f29
author: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2020-03-10 01:29:20 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2020-03-10 01:29:20 +0000
commit: 027a922c95967a6ba3ddda8b522de963df16da19 (patch)
tree: 1d4b41fa17c48906cc6b40d0a64df3da2b1c892f /qcwcn/wifi_hal/wifi_hal.cpp
parent: 959e96762c33bdb58768f0cac64d4779367af431 (diff)
parent: 0ed8dbf042a7b00ad9efa10d1f6a945b1423682f (diff)
download: wlan-027a922c95967a6ba3ddda8b522de963df16da19.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/qcwcn/wifi_hal/wifi_hal.cpp b/qcwcn/wifi_hal/wifi_hal.cpp
index 2a6a9e9..4576063 100644
--- a/qcwcn/wifi_hal/wifi_hal.cpp
+++ b/qcwcn/wifi_hal/wifi_hal.cpp
@@ -1291,6 +1291,12 @@ static int register_monitor_sock(wifi_handle handle, wifihal_ctrl_req_t *ctrl_ms
 
     if(attach)
     {
+       if (ctrl_msg->monsock_len > sizeof(struct sockaddr_un))
+       {
+         ALOGE("%s: Invalid monitor socket length \n", __FUNCTION__);
+         return -3;
+       }
+
        nreg = (wifihal_mon_sock_t *)malloc(sizeof(*reg) + match_len);
         if (!nreg)
            return -1;
author	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2020-03-10 01:29:20 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2020-03-10 01:29:20 +0000
commit	027a922c95967a6ba3ddda8b522de963df16da19 (patch)
tree	1d4b41fa17c48906cc6b40d0a64df3da2b1c892f /qcwcn/wifi_hal/wifi_hal.cpp
parent	959e96762c33bdb58768f0cac64d4779367af431 (diff)
parent	0ed8dbf042a7b00ad9efa10d1f6a945b1423682f (diff)
download	wlan-027a922c95967a6ba3ddda8b522de963df16da19.tar.gz