wlan: Address buffer overflow due to invalid length

Check for valid length before copying the packet filter data from userspace buffer to kernel space buffer to avoid buffer overflow issue. Change-Id: Icfdcbb41a7266a2d1a87816d4e6803747002cff0 CRs-Fixed: 930533
author: Mahesh A Saptasagar <c_msapta@qti.qualcomm.com> 2015-10-27 15:40:18 +0530
committer: desaishivam26 <kane.desai@gmail.com> 2015-11-23 12:28:22 +0100
commit: f11329448d595575072db36bdee5974426a0db79 (patch)
tree: 61fc6512c2744358c44a8117f14310ac1ecaa83a
parent: 842d9c8740e19d4e3fded87fecaf9bad075e10e7 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
index 40050758357..3d67983c341 100755
--- a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
+++ b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
@@ -6390,6 +6390,9 @@ int wlan_hdd_set_filter(hdd_context_t *pHddCtx, tpPacketFilterCfg pRequest,
 
                 hddLog(VOS_TRACE_LEVEL_INFO, "Data Offset %d Data Len %d\n",
                         pRequest->paramsData[i].dataOffset, pRequest->paramsData[i].dataLength);
+                if ((sizeof(packetFilterSetReq.paramsData[i].compareData)) <
+                    (pRequest->paramsData[i].dataLength))
+                    return -EINVAL;
 
                 memcpy(&packetFilterSetReq.paramsData[i].compareData,
                         pRequest->paramsData[i].compareData, pRequest->paramsData[i].dataLength);
author	Mahesh A Saptasagar <c_msapta@qti.qualcomm.com>	2015-10-27 15:40:18 +0530
committer	desaishivam26 <kane.desai@gmail.com>	2015-11-23 12:28:22 +0100
commit	f11329448d595575072db36bdee5974426a0db79 (patch)
tree	61fc6512c2744358c44a8117f14310ac1ecaa83a
parent	842d9c8740e19d4e3fded87fecaf9bad075e10e7 (diff)