qcacld-3.0: Add check for set_ft_ies length

In file sme_ft_api.c, function sme_set_ft_ies(),
the ft_ies_length is user-controlled so there is
a possibility of integer overflow.

Add sanity check to avoid integer overflow.

Change-Id: Idab80abeca35397be7ec13ca81c7ccb8be8ef256
CRs-Fixed: 2100965
gaurank kathpalia 2017-11-01 10:45:40 +05:30 committed by snandini
parent 0707ddfedb
commit d6d79e884c

@ -195,6 +195,9 @@ void sme_set_ft_ies(tHalHandle hal_ptr, uint32_t session_id,
* reassoc req. This is the new FT Roaming in place At
* this juncture we'r ready to start sending Reassoc req
*/
ft_ies_length = QDF_MIN(ft_ies_length, MAX_FTIE_SIZE);
sme_debug("New Reassoc Req: %pK in state %d",
ft_ies, session->ftSmeContext.FTState);
if ((session->ftSmeContext.reassoc_ft_ies) &&
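Review bot: The clamp `ft_ies_length = QDF_MIN(ft_ies_length, MAX_FTIE_SIZE);` silently truncates an oversized input instead of rejecting it, so a caller that passes more than MAX_FTIE_SIZE bytes would have its IEs cut at an arbitrary byte offset, possibly mid-element, with nothing logged. Consider returning early with an error log when ft_ies_length exceeds MAX_FTIE_SIZE, so the reassoc request is never built from a partial buffer. The clamp also sits inside this one state branch, after the "New FT Roaming" comment; if other branches of sme_set_ft_ies() use ft_ies_length, the bound belongs at function entry so every path is covered.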