commit 10eec55e7003a6648455d104c7ce70eb6cf25eb4
author Alice Ou <alice.ou@mediatek.com> Fri Dec 15 16:17:11 2017 +0800
committer Alice Ou <alice.ou@mediatek.com> Tue Dec 26 10:57:38 2017 +0800
tree 2f127fc4015d72850a980ce882dcb3da9667c822
parent 84a92d13e2d8a4aa2932948356186a9937cee9c9

[WCNCR00169673] misc: add security patch [CVE-2016-3810]

[Description]
1. Return real status.
2. Add boundary protection to prevent buffer overflow.

Change-Id: I7cd70107ea6ac834c93767cbf282ccc7339c5ea1
Signed-off-by: Alice Ou <alice.ou@mediatek.com>
CR-Id: WCNCR00169673
Feature: misc
Reviewed-on: http://gerrit.mediatek.inc:8080/1253455
CheckPatch: Check Patch <srv_checkpatch@mediatek.com>
Reviewed-by: George Kuo <george.kuo@mediatek.com>
Reviewed-by: Sarick Jiang <sarick.jiang@mediatek.com>
Reviewed-by: Soul Huang <soul.huang@mediatek.com>
Build: srv_neptune_adm <srv_neptune_adm@mediatek.com>

os/linux/gl_wext.c

diff --git a/os/linux/gl_wext.c b/os/linux/gl_wext.c
index d1f6bf2..4f0837b 100644
--- a/os/linux/gl_wext.c
+++ b/os/linux/gl_wext.c
@@ -2064,7 +2064,7 @@
 
 	kalMemFree(prSsid, VIR_MEM_TYPE, sizeof(PARAM_SSID_T));
 
-	return 0;
+	return rStatus;
 }				/* wext_get_essid */
 
 #if 0
@@ -3496,7 +3496,7 @@
 
 		ret = wext_get_essid(prDev, NULL, &iwr->u.essid, prExtraBuf);
 		if (ret == 0) {
-			if (copy_to_user(iwr->u.essid.pointer, prExtraBuf, iwr->u.essid.length))
+			if (copy_to_user(iwr->u.essid.pointer, prExtraBuf, IW_ESSID_MAX_SIZE))
 				ret = -EFAULT;
 		}