wlan: Add NULL check for tail, probe response and assoc response
In wlan_hdd_cfg80211_alloc_new_beacon API, tail or proberesp_ies
or assocresp_ies can be NULL and dereferenced by passing to memcpy
Add NULL check for tail and proberesp_ies and assocresp_ies.
CRs-Fixed: 1115270
Change-Id: I90d3946a2aaca4fe93113da3b351343d281917a5
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index adeaa59..b2e69e6 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -8636,10 +8636,14 @@
beacon->proberesp_ies_len = proberesp_ies_len;
beacon->assocresp_ies_len= assocresp_ies_len;
- memcpy(beacon->head, head, head_len);
- memcpy(beacon->tail, tail, tail_len);
- memcpy(beacon->proberesp_ies, proberesp_ies, proberesp_ies_len);
- memcpy(beacon->assocresp_ies, assocresp_ies, assocresp_ies_len);
+ if (head && head_len)
+ memcpy(beacon->head, head, head_len);
+ if (tail && tail_len)
+ memcpy(beacon->tail, tail, tail_len);
+ if (proberesp_ies && proberesp_ies_len)
+ memcpy(beacon->proberesp_ies, proberesp_ies, proberesp_ies_len);
+ if (assocresp_ies && assocresp_ies_len)
+ memcpy(beacon->assocresp_ies, assocresp_ies, assocresp_ies_len);
*ppBeacon = beacon;