qcacld-2.0: Add string length validation
In hdd_parse_get_ibss_peer_info(), issue is reported by external
researcher that lack of string length validation might lead to
out-of-bounds read.
Related string length validation is added accordingly.
Change-Id: If04cc77b5fca782094dc577b21e1537dfe783282
CRs-Fixed: 2101686
diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
index ac07b9c..75b872b 100644
--- a/CORE/HDD/src/wlan_hdd_main.c
+++ b/CORE/HDD/src/wlan_hdd_main.c
@@ -1718,7 +1718,9 @@
hdd_parse_get_ibss_peer_info(tANI_U8 *pValue, v_MACADDR_t *pPeerMacAddr)
{
tANI_U8 *inPtr = pValue;
- inPtr = strnchr(pValue, strlen(pValue), SPACE_ASCII_VALUE);
+ size_t inPtrLen = strlen(pValue);
+
+ inPtr = strnchr(pValue, inPtrLen, SPACE_ASCII_VALUE);
if (NULL == inPtr)
{
@@ -1737,6 +1739,12 @@
return VOS_STATUS_E_FAILURE;;
}
+ inPtrLen -= (inPtr - pValue);
+ if (inPtrLen < 17)
+ {
+ return VOS_STATUS_E_FAILURE;
+ }
+
if (inPtr[2] != ':' || inPtr[5] != ':' || inPtr[8] != ':' ||
inPtr[11] != ':' || inPtr[14] != ':')
{