In wlan_hdd_cfg80211_start_bss(), beacon head buffer is typecast
to ieee80211_mgmt structure without checking for buffer length
against beacon header length which may cause OOB access
while accessing ieee80211_mgmt structure.
To address this, add check for beacon head length against beacon
header length before typecasting to ieee80211_mgmt structure.
Also while accessing supported rates, length given to function
wlan_hdd_cfg80211_get_ie_ptr() is the total length of management
frame that also includes header length which may cause OOB access
while getting supported rates.
To address this, send only beacon data length and exclude header
length to function wlan_hdd_cfg80211_get_ie_ptr().
Change-Id: I442b236e48c3be8cbd8019c5c339593f9aa74e3e
CRs-Fixed:
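
The two checks described in the commit message, as an added example that is not the driver's own code: `BEACON_HDR_LEN`, `find_ie()`, `beacon_find_ie()` and the sample frame are hypothetical names and constructed data, assuming the standard 24-byte management header followed by 12 bytes of fixed beacon fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BEACON_HDR_LEN 36u   /* 24-byte mgmt header + timestamp(8) + interval(2) + capab(2) */
#define EID_SUPP_RATES 1u    /* 802.11 element ID for Supported Rates */

/* Walk the TLV elements in [ies, ies+len); never read past len. */
static const uint8_t *find_ie(const uint8_t *ies, size_t len, uint8_t eid)
{
    while (len >= 2) {                      /* need element ID + length bytes */
        size_t elem_len = (size_t)ies[1] + 2;
        if (elem_len > len)                 /* element body would run off the buffer */
            return NULL;
        if (ies[0] == eid)
            return ies;
        ies += elem_len;
        len -= elem_len;
    }
    return NULL;
}

/* Check 1: head must cover the fixed beacon header before it is interpreted.
 * Check 2: the IE search gets only the data length, header excluded. */
static const uint8_t *beacon_find_ie(const uint8_t *head, size_t head_len, uint8_t eid)
{
    if (head_len < BEACON_HDR_LEN)
        return NULL;
    return find_ie(head + BEACON_HDR_LEN, head_len - BEACON_HDR_LEN, eid);
}

/* Constructed sample: zeroed header, SSID "test", four supported rates. */
static const uint8_t sample_beacon[48] = {
    [36] = 0, 4, 't', 'e', 's', 't',
    EID_SUPP_RATES, 4, 0x82, 0x84, 0x8b, 0x96
};

int main(void)
{
    const uint8_t *ie = beacon_find_ie(sample_beacon, sizeof sample_beacon, EID_SUPP_RATES);
    printf("rates IE at offset %td\n", ie ? ie - sample_beacon : (ptrdiff_t)-1);
    printf("short head accepted: %d\n", beacon_find_ie(sample_beacon, 20, EID_SUPP_RATES) != NULL);
    return 0;
}
```

Passing the full head length to `find_ie()` while starting at `head + BEACON_HDR_LEN` would let the walk continue 36 bytes past the end of the buffer, which is the second condition the commit message describes.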