qcacld-2.0: Add string length validation In hdd_parse_get_ibss_peer_info(), issue is reported by external researcher that lack of string length validation might lead to out-of-bounds read. Related string length validation is added accordingly. Change-Id: If04cc77b5fca782094dc577b21e1537dfe783282 CRs-Fixed: 2101686

commit: 65870d635a8a6b9d3f4809d61e9ad54b78ce1a3c [log] [tgz]
author: Min Liu <minliu@codeaurora.org> Mon Jan 08 22:26:33 2018 +0800
committer: Anjaneedevi Kapparapu <akappara@codeaurora.org> Thu Feb 01 15:22:50 2018 +0530
tree: 8de538939a7bbcc0deccee20723e0f42f469d629
parent: 8a9852254d3c6baa102d309e9bb34164ab7f44db [diff]
diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
index ac07b9c..75b872b 100644
--- a/CORE/HDD/src/wlan_hdd_main.c
+++ b/CORE/HDD/src/wlan_hdd_main.c

@@ -1718,7 +1718,9 @@
 hdd_parse_get_ibss_peer_info(tANI_U8 *pValue, v_MACADDR_t *pPeerMacAddr)
 {
     tANI_U8 *inPtr = pValue;
-    inPtr = strnchr(pValue, strlen(pValue), SPACE_ASCII_VALUE);
+    size_t inPtrLen = strlen(pValue);
+
+    inPtr = strnchr(pValue, inPtrLen, SPACE_ASCII_VALUE);
 
     if (NULL == inPtr)
     {
@@ -1737,6 +1739,12 @@
         return VOS_STATUS_E_FAILURE;;
     }
 
+    inPtrLen -= (inPtr - pValue);
+    if (inPtrLen < 17)
+    {
+        return VOS_STATUS_E_FAILURE;
+    }
+
     if (inPtr[2] != ':' || inPtr[5] != ':' || inPtr[8] != ':' ||
         inPtr[11] != ':' || inPtr[14] != ':')
     {
commit	65870d635a8a6b9d3f4809d61e9ad54b78ce1a3c	[log] [tgz]
author	Min Liu <minliu@codeaurora.org>	Mon Jan 08 22:26:33 2018 +0800
committer	Anjaneedevi Kapparapu <akappara@codeaurora.org>	Thu Feb 01 15:22:50 2018 +0530
tree	8de538939a7bbcc0deccee20723e0f42f469d629
parent	8a9852254d3c6baa102d309e9bb34164ab7f44db [diff]