mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

mwifiex_ret_wmm_get_status() calls memcpy() without checking the
destination size.Since the source is given from remote AP which
contains illegal wmm elements , this may trigger a heap buffer
overflow.
Fix it by putting the length check before calling memcpy().

Signed-off-by: Qing Xu <[email protected]>
Signed-off-by: Kalle Valo <[email protected]>

0 files changed, 0 insertions, 0 deletions