diff options
Diffstat (limited to 'drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c')
-rw-r--r-- | drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c index 013a2db6b2ab..e45b70456011 100644 --- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c +++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c @@ -2871,7 +2871,7 @@ __wlan_hdd_cfg80211_extscan_set_ssid_hotlist(struct wiphy *wiphy, struct hdd_ext_scan_context *context; uint32_t request_id; char ssid_string[SIR_MAC_MAX_SSID_LENGTH + 1]; - int ssid_len; + int ssid_len, ssid_length; eHalStatus status; int i, rem, retval; unsigned long rc; @@ -2950,12 +2950,16 @@ __wlan_hdd_cfg80211_extscan_set_ssid_hotlist(struct wiphy *wiphy, hddLog(LOGE, FL("attr ssid failed")); goto fail; } - nla_memcpy(ssid_string, + ssid_length = nla_strlcpy(ssid_string, tb2[PARAM_SSID], sizeof(ssid_string)); hddLog(LOG1, FL("SSID %s"), ssid_string); ssid_len = strlen(ssid_string); + if (ssid_length > SIR_MAC_MAX_SSID_LENGTH) { + hddLog(LOGE, FL("Invalid ssid length")); + goto fail; + } memcpy(request->ssids[i].ssid.ssId, ssid_string, ssid_len); request->ssids[i].ssid.length = ssid_len; |