From 608e7e803f426c64b255edeb8b2d3c93ba6eae31 Mon Sep 17 00:00:00 2001
From: chenpaul <chenpaul@google.com>
Date: Thu, 23 Feb 2023 09:45:23 +0800
Subject: HAL: Fixed OOB read by assigning each param of Nancapabilities
 individually

This is a fix from pa/2386395, which avoid memcpy to keep backward compatibility

Bug: 265225404
Test: BRCM halutil (brcm_halutil -nan -get_capabilities)
Change-Id: I3dedfa9060c4bfa38de65446d6661423f278c614
---
 bcmdhd/wifi_hal/nan.cpp | 2 --
 1 file changed, 2 deletions(-)

diff --git a/bcmdhd/wifi_hal/nan.cpp b/bcmdhd/wifi_hal/nan.cpp
index c6a7249..4dd4dd9 100755
--- a/bcmdhd/wifi_hal/nan.cpp
+++ b/bcmdhd/wifi_hal/nan.cpp
@@ -1543,8 +1543,6 @@ class NanDiscEnginePrimitive : public WifiCommand
         } else if (rsp_data.response_type == NAN_RESPONSE_SUBSCRIBE) {
             rsp_data.body.subscribe_response.subscribe_id = mInstId;
         } else if (rsp_data.response_type == NAN_GET_CAPABILITIES) {
-            memcpy((void *)&rsp_data.body.nan_capabilities, (void *)&rsp_vndr_data->capabilities,
-                    min(len, sizeof(rsp_data.body.nan_capabilities)));
             /* avoid memcpy to keep backward compatibility */
             NanCapabilities *desc = &rsp_data.body.nan_capabilities;
             NanCapabilities *src = &rsp_vndr_data->capabilities;
-- 
cgit v1.2.3