android_kernel_xiaomi_sm8350

History

gaurank kathpalia a4a012ca2e qcacld-3.0: Add length check in wma_process_rmf_frame The driver verifies the replay_attack in protected management frames in the API wma_is_ccmp_pn_replay_attack The API expects a CCMP header pointer, but it may happen that the size of the total frame is less than the size of ieee frame + the CCMP header length. In that case the CCMP pointer will point to some memory location not allocated to the frame, which will result to out of bound access. Fix is to add a length check to memory allocated to wbuf in wma_process_rmf_frame Change-Id: I351fa671cb8728843c8843c27dd91bcb201abb42 CRs-Fixed: 2230976	2018-05-17 06:03:33 -07:00
..
inc	qcacld-3.0: Remove unused scan_info struct in wma_txrx_node	2018-05-16 02:07:38 -07:00
src	qcacld-3.0: Add length check in wma_process_rmf_frame	2018-05-17 06:03:33 -07:00

gaurank kathpalia a4a012ca2e qcacld-3.0: Add length check in wma_process_rmf_frame

The driver verifies the replay_attack in protected
management frames in the API wma_is_ccmp_pn_replay_attack
The API expects a CCMP header pointer, but it may happen that
the size of the total frame is less than the size of ieee frame
+ the CCMP header length. In that case the CCMP pointer will
point to some memory location  not allocated to the frame, which
will result to out of bound access.

Fix is to add a length check to memory allocated to wbuf in
wma_process_rmf_frame

Change-Id: I351fa671cb8728843c8843c27dd91bcb201abb42
CRs-Fixed: 2230976

2018-05-17 06:03:33 -07:00

inc

qcacld-3.0: Remove unused scan_info struct in wma_txrx_node

2018-05-16 02:07:38 -07:00

src

qcacld-3.0: Add length check in wma_process_rmf_frame

2018-05-17 06:03:33 -07:00