307d4895868236ac0a746f8f3450eb6f938d007d - platform/vendor/qcom-opensource/wlan/prima

commit	307d4895868236ac0a746f8f3450eb6f938d007d	[log] [tgz]
author	Nachiket Kukade <nkukade@codeaurora.org>	Tue Jan 23 23:36:25 2018 +0530
committer	Gerrit - the friendly Code Review server <code-review@localhost>	Thu Jan 25 23:33:09 2018 -0800
tree	1fea3ec9d91aed381f63cbe5570ca5383d1e06b9
parent	d54215652429371a8850bf036f12648053b3517e [diff]

wlan: Add maximum bound check on WPA RSN IE length

In set_ie after receiving DOT11F_EID_RSN, WPA RSN IE is copied from
source without a check on the given IE length. A malicious IE length
can cause buffer overflow.

Apply the same logic from Id159d307e8f9c1de720d4553a7c29f23cbd28571
that was applied under DOT11F_EID_WPA. This adds maximum bound check
on WPA RSN IE length.

Change-Id: I04f980fe44328b1a3f6a6d4854228cc4c9f1a1c7
CRs-Fixed: 2177210

CORE/HDD/src/wlan_hdd_cfg80211.c[diff]

1 file changed

tree: 1fea3ec9d91aed381f63cbe5570ca5383d1e06b9

CORE/
firmware_bin/
riva/
Android.mk
Kbuild
Kconfig
Makefile