net: wireless: bcmdhd: fix buffer overrun in ePNOCommand

added boundary check not to override allocated buffer. Change-Id: Ia52e29adf282cace8f3a66e1a9e80eb375aa1629 Signed-off-by: Insun Song <insun.song@broadcom.com> Bug: 32475556
author: Insun Song <insun.song@broadcom.com> 2017-01-31 20:44:48 -0800
committer: Ecco Park <eccopark@google.com> 2017-02-08 21:32:35 +0000
commit: 5a434343e3515e2c1e29b879ed67898206016f3f (patch)
tree: c99c01b6848a8f4c5b690be9f0d9de185b0739f6
parent: 38cfc377c2f0acd6e46c2a9b864fd500a1e8e544 (diff)
download: wlan-5a434343e3515e2c1e29b879ed67898206016f3f.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/bcmdhd/wifi_hal/gscan.cpp b/bcmdhd/wifi_hal/gscan.cpp
index 620fbe4..cd61d5a 100644
--- a/bcmdhd/wifi_hal/gscan.cpp
+++ b/bcmdhd/wifi_hal/gscan.cpp
@@ -1174,6 +1174,10 @@ public:
         }
     }
     int createSetupRequest(WifiRequest& request) {
+        if (epno_params.num_networks > MAX_EPNO_NETWORKS) {
+            ALOGE("wrong epno num_networks:%d", epno_params.num_networks);
+            return WIFI_ERROR_INVALID_ARGS;
+        }
         int result = request.create(GOOGLE_OUI, GSCAN_SUBCMD_SET_EPNO_SSID);
         if (result < 0) {
             return result;
author	Insun Song <insun.song@broadcom.com>	2017-01-31 20:44:48 -0800
committer	Ecco Park <eccopark@google.com>	2017-02-08 21:32:35 +0000
commit	5a434343e3515e2c1e29b879ed67898206016f3f (patch)
tree	c99c01b6848a8f4c5b690be9f0d9de185b0739f6
parent	38cfc377c2f0acd6e46c2a9b864fd500a1e8e544 (diff)
download	wlan-5a434343e3515e2c1e29b879ed67898206016f3f.tar.gz