8cc36ff7 | 05-Mar-2024 |
Surabhi Vishnoi <quic_svishnoi@quicinc.com> |
qcacmn: Fix field-spanning kernel warning during driver load
Currently, driver passes void pointer to wmsg as source buffer in memcpy API to copy the local log_msg to nlmsg data buffer in ptt_sock_s
qcacmn: Fix field-spanning kernel warning during driver load
Currently, driver passes void pointer to wmsg as source buffer in memcpy API to copy the local log_msg to nlmsg data buffer in ptt_sock_send_msg_to_app(). This leads to kernel warn as kernel is unable to calculate the size of variable length source buffer.
To fix this issue, pass the data buffer of nlmsg in memcpy API so that kernel is able to calculate the size of source buffer and verify for buffer overflow before copy.
Change-Id: I91e2e1b0b8e58428ed5ba20c7caf4ec3b45a6428 CRs-Fixed: 3749523
show more ...
|
b223cb55 | 05-May-2023 |
Aditya Kodukula <quic_akodukul@quicinc.com> |
qcacmn: Fix field-spanning issue in ptt_sock_send_msg_to_app()
Currently in the function ptt_sock_send_msg_to_app(), memcpy() is used to copy data into multiple fields of the struct tAniHdr. When FO
qcacmn: Fix field-spanning issue in ptt_sock_send_msg_to_app()
Currently in the function ptt_sock_send_msg_to_app(), memcpy() is used to copy data into multiple fields of the struct tAniHdr. When FORTIFY_SOURCE feature is enabled, kernel warns of field-spanning.
To resolve this issue, assign a void pointer to the struct and use it in memcpy().
Change-Id: I30311b063e735a89dfd38e029dacc80d6808a4af CRs-Fixed: 3488513
show more ...
|