In find_ie_defn function, if the current IE is an Ext IE with EID=255, the third byte of the IE is accessed to get the extn_eid. However, if the actual buffer length is less than 3, then an OOB read would occur while trying to access extn_eid.

Add check to access pbuf + 2 for extn_eid only if nbuf is greater than 2.

Change-Id: Id9708176affe35a85eb21a07901ae8ed62b78b9e
CRs-Fixed: 2237141
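The length check described in the commit message, as an added example that is not the driver's own find_ie_defn code: a minimal IE walker that reads the extension ID at pbuf + 2 only when more than 2 bytes remain, and goes slightly further by also rejecting an IE body that runs past the buffer. The names read_ie_ids, find_ext_ie and EID_EXTENSION are hypothetical, and the sample buffers in the checks are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define EID_EXTENSION 255  /* element ID that marks an extension IE */

/* Hypothetical helper: parse the IE header at pbuf, with nbuf bytes left.
 * Returns 0 on success, -1 if the header is truncated. */
int read_ie_ids(const uint8_t *pbuf, size_t nbuf, uint8_t *eid,
                uint8_t *extn_eid, int *has_extn)
{
    if (pbuf == NULL || nbuf < 2)      /* need the EID and length bytes */
        return -1;
    *eid = pbuf[0];
    *extn_eid = 0;
    *has_extn = 0;
    if (*eid == EID_EXTENSION) {
        /* pbuf[2] exists only when more than 2 bytes remain; a declared
         * length of 0 means the IE carries no extension ID byte at all. */
        if (nbuf <= 2 || pbuf[1] < 1)
            return -1;
        *extn_eid = pbuf[2];
        *has_extn = 1;
    }
    return 0;
}

/* Walk a buffer of IEs. Returns the offset of the first extension IE whose
 * extension ID is want_extn, or -1 if absent or the buffer is malformed. */
long find_ext_ie(const uint8_t *buf, size_t len, uint8_t want_extn)
{
    size_t off = 0;
    while (off < len) {
        uint8_t eid, extn;
        int has_extn;
        if (read_ie_ids(buf + off, len - off, &eid, &extn, &has_extn) != 0)
            return -1;
        size_t ie_len = 2u + buf[off + 1];
        if (ie_len > len - off)        /* IE body runs past the buffer */
            return -1;
        if (has_extn && extn == want_extn)
            return (long)off;
        off += ie_len;
    }
    return -1;
}
```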