lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2d1b311af2
android_kernel_xiaomi_sm8350/core
History
Pragaspathi Thilagaraj 2d1b311af2 qcacld-3.0: Fix possible OOB in lim_chk_n_process_wpa_rsn_ie 
In the function lim_chk_n_process_wpa_rsn_ie, if wpa IE is
present, then dot11f_unpack_ie_wpa is called to copy the wpa IE
to destination buffer. assoc_req->wpa.length is passed as the
length to copy the IE. As this length includes 4 bytes of the
OUI fields also, this could result in OOB read.

Change the length passed to the dot11f_unpack_ie_wpa as
(assoc_req->wpa.length - 4), so that the additional 4 bytes of
the OUI fields are excluded.

Change-Id: If972b3a19d239bb955c7b4d4c7d94e25aa878f21
CRs-Fixed: 2267557
2018-07-21 03:35:33 -07:00
..
bmi qcacld-3.0: Featurize wlan BMI 2018-07-12 12:34:43 -07:00
cds qcacld-3.0: Change log level rx_thread affinity info 2018-07-19 21:33:00 -07:00
dp qcacld-3.0: Add support to set/get timestamp for management frames 2018-07-18 00:17:59 -07:00
hdd qcacld-3.0: Fix using uninitialized values in hdd_send_twt_enable_cmd 2018-07-20 16:23:50 -07:00
mac qcacld-3.0: Fix possible OOB in lim_chk_n_process_wpa_rsn_ie 2018-07-21 03:35:33 -07:00
pld qcacld-3.0: Add shutdown/reinit support for PLD_CNSS_USB 2018-07-19 08:32:41 -07:00
sap qcacld-3.0: Update dot11_mode based on target channel during chan switch 2018-07-13 15:46:02 -07:00
sme qcacld-3.0: Rename tCsrLinkStatusCallback and related identifiers 2018-07-19 23:10:05 -07:00
wma qcacld-3.0: Remove wma_get_buf_extscan_change_monitor_cmd() 2018-07-20 12:06:23 -07:00