lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
db3c6f57e3
android_kernel_xiaomi_sm8350/core
History
Abhinav Kumar db3c6f57e3 qcacld-3.0: Fix out-of-bounds access in lim_process_assoc_req_frame 
Currently the function lim_process_assoc_req_frame uses frame_len
without validation to parse the IE buffer which could lead to
out-of-bounds memory access if the frame_len is less than or
equal to LIM_ASSOC_REQ_IE_OFFSET(4).

Add check to validate the frame_len with LIM_ASSOC_REQ_IE_OFFSET
before sending (frame_len - LIM_ASSOC_REQ_IE_OFFSET) to
cfg_get_vendor_ie_ptr_from_oui to parse only the IE buffer.

Change-Id: Iaa9e8db4a2605169c9ad3904878a2e626eb6de8b
CRs-Fixed: 2259707
2018-06-25 14:12:45 -07:00
..
bmi qcacld-3.0: Abstract SDIO block size 2018-06-25 04:55:52 -07:00
cds qcacld-3.0: cds: Replace tSirRetStatus with QDF_STATUS 2018-06-24 11:58:47 -07:00
dp qcacld-3.0: Fix compilation error 2018-06-21 22:42:15 -07:00
hdd qcacld-3.0: Configure num_vdevs for FTM mode 2018-06-25 10:02:16 -07:00
mac qcacld-3.0: Fix out-of-bounds access in lim_process_assoc_req_frame 2018-06-25 14:12:45 -07:00
pld qcacld-3.0: Check if sdio device is valid before start wifi 2018-06-07 21:08:36 -07:00
sap qcacld-3.0: sap: Replace tSirRetStatus with QDF_STATUS 2018-06-22 14:07:58 -07:00
sme qcacld-3.0: Fix csr_is_pmf_capabilities_in_rsn_match() param 2018-06-25 12:41:07 -07:00
wma qcacld-3.0: Report valid MCS index to upper layer 2018-06-22 21:07:13 -07:00