HAL: Fixed OOB read by assigning each param of Nancapabilities individually

This is a fix from pa/2386395, which avoid memcpy to keep backward compatibility Bug: 265225404 Test: BRCM halutil (brcm_halutil -nan -get_capabilities) Change-Id: I3dedfa9060c4bfa38de65446d6661423f278c614
author: chenpaul <chenpaul@google.com> 2023-02-23 09:45:23 +0800
committer: chenpaul <chenpaul@google.com> 2023-02-23 09:45:23 +0800
commit: 608e7e803f426c64b255edeb8b2d3c93ba6eae31 (patch)
tree: 239830c33c313138434895412c7a02b66d133e55
parent: 6bda8c521ec8dfe0811f98b3eb3eaa15e1fad34d (diff)
download: wlan-608e7e803f426c64b255edeb8b2d3c93ba6eae31.tar.gz
1 files changed, 0 insertions, 2 deletions
diff --git a/bcmdhd/wifi_hal/nan.cpp b/bcmdhd/wifi_hal/nan.cpp
index c6a7249..4dd4dd9 100755
--- a/bcmdhd/wifi_hal/nan.cpp
+++ b/bcmdhd/wifi_hal/nan.cpp
@@ -1543,8 +1543,6 @@ class NanDiscEnginePrimitive : public WifiCommand
         } else if (rsp_data.response_type == NAN_RESPONSE_SUBSCRIBE) {
             rsp_data.body.subscribe_response.subscribe_id = mInstId;
         } else if (rsp_data.response_type == NAN_GET_CAPABILITIES) {
-            memcpy((void *)&rsp_data.body.nan_capabilities, (void *)&rsp_vndr_data->capabilities,
-                    min(len, sizeof(rsp_data.body.nan_capabilities)));
             /* avoid memcpy to keep backward compatibility */
             NanCapabilities *desc = &rsp_data.body.nan_capabilities;
             NanCapabilities *src = &rsp_vndr_data->capabilities;
author	chenpaul <chenpaul@google.com>	2023-02-23 09:45:23 +0800
committer	chenpaul <chenpaul@google.com>	2023-02-23 09:45:23 +0800
commit	608e7e803f426c64b255edeb8b2d3c93ba6eae31 (patch)
tree	239830c33c313138434895412c7a02b66d133e55
parent	6bda8c521ec8dfe0811f98b3eb3eaa15e1fad34d (diff)
download	wlan-608e7e803f426c64b255edeb8b2d3c93ba6eae31.tar.gz