Fix "[Security Vulnerability]mt_wifi IOCTL_GET_STRUCT EOP" issue - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	yang-cy.chen <yang-cy.chen@mediatek.com>	2016-01-14 10:57:45 +0800
committer	Moyster <oysterized@gmail.com>	2016-08-26 16:02:17 +0200
commit	ed4fff76be6333a98a6736bc2550fffb7d5e8053 (patch)
tree	b83f3b9ba4d8e61559556488ccade3e89bde2587 /scripts
parent	7a23e2529065caafe5f998f38c58919a0cac1087 (diff)

Fix "[Security Vulnerability]mt_wifi IOCTL_GET_STRUCT EOP" issue

Problem: prNdisReq->ndisOidContent is in a static allocation of size 0x1000, and prIwReqData->data.length is a usermode controlled unsigned short ,so the copy_from_user results in memory corruption. Solution: Add boundary protection to prevent buffer overflow Bug num:26267358 Change-Id: I70f9d2affb9058e2e80b6b9f8278d538186283d3 Signed-off-by: yang-cy.chen <yang-cy.chen@mediatek.com> (cherry picked from commit 9c112c7344a2642a6e7ee29ee920900248a29e8a)

Diffstat (limited to 'scripts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: