lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Validate wpa ie length before extracting ie

Browse Source 
During initializing ibss security settings there is a possibility
of integer underflow while extracting wpa ie because of ie length
check miss.

Add wpa ie length boundary check before extracting wpa ie.

Change-Id: I37d8ee5ea1e1ba12277128a1407783f5647251b6
CRs-Fixed: 2151241
This commit is contained in:
Hanumanth Reddy Pothula 2018-01-24 17:54:15 +05:30 committed by snandini
parent 89c85d1d18
commit f6e3db3394
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/hdd/src/wlan_hdd_cfg80211.c
View File

@ -18977,6 +18977,11 @@ static int wlan_hdd_cfg80211_set_privacy_ibss(struct hdd_adapter *adapter,
* Skip past the EID byte and length byte
* and four byte WiFi OUI
*/
if (ie[1] < DOT11F_IE_WPA_MIN_LEN ||
ie[1] > DOT11F_IE_WPA_MAX_LEN) {
hdd_err("invalid ie len:%d", ie[1]);
return -EINVAL;
}
dot11f_unpack_ie_wpa((tpAniSirGlobal) halHandle,
(uint8_t *)&ie[2 + 4],
ie[1] - 4, &dot11WPAIE,