commit | 307d4895868236ac0a746f8f3450eb6f938d007d | |
---|---|---|
author | Nachiket Kukade <nkukade@codeaurora.org> | Tue Jan 23 23:36:25 2018 +0530 |
committer | Gerrit - the friendly Code Review server <code-review@localhost> | Thu Jan 25 23:33:09 2018 -0800 |
tree | 1fea3ec9d91aed381f63cbe5570ca5383d1e06b9 | |
parent | d54215652429371a8850bf036f12648053b3517e | |
wlan: Add maximum bound check on WPA RSN IE length

In set_ie after receiving DOT11F_EID_RSN, WPA RSN IE is copied from source without a check on the given IE length. A malicious IE length can cause buffer overflow. Apply the same logic from Id159d307e8f9c1de720d4553a7c29f23cbd28571 that was applied under DOT11F_EID_WPA. This adds maximum bound check on WPA RSN IE length.

Change-Id: I04f980fe44328b1a3f6a6d4854228cc4c9f1a1c7

CRs-Fixed: 2177210
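The kind of check the commit message describes, as an added example that is not the driver's code: the attacker-controlled IE length is validated against both the received input and the fixed destination before the copy. `store_rsn_ie`, `struct rsn_store`, `try_ie` and the 40-byte `EXAMPLE_RSN_IE_MAX_LEN` are hypothetical names and values chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EID_RSN 48                /* 802.11 RSN element ID */
#define EXAMPLE_RSN_IE_MAX_LEN 40 /* hypothetical buffer size (assumption) */

struct rsn_store {                /* hypothetical fixed-size destination */
    uint8_t len;
    uint8_t data[EXAMPLE_RSN_IE_MAX_LEN];
};

/* Store the payload of one RSN IE laid out as: EID (1), length (1), payload.
 * Returns 0 on success, -1 when the element is rejected. */
int store_rsn_ie(struct rsn_store *dst, const uint8_t *ie, size_t avail)
{
    size_t ie_len;

    if (avail < 2 || ie[0] != EID_RSN)
        return -1;                /* no header, or not an RSN element */
    ie_len = ie[1];
    if (ie_len > avail - 2)
        return -1;                /* claimed length runs past the input */
    if (ie_len > sizeof(dst->data))
        return -1;                /* maximum bound check on the destination */
    memcpy(dst->data, ie + 2, ie_len);
    dst->len = (uint8_t)ie_len;
    return 0;
}

/* Constructed sample: builds an RSN IE claiming `claimed` payload bytes,
 * hands over `avail` bytes of it, and returns store_rsn_ie()'s result. */
int try_ie(uint8_t claimed, size_t avail)
{
    uint8_t ie[2 + 255] = { EID_RSN, 0 };
    struct rsn_store s = { 0 };

    ie[1] = claimed;
    return store_rsn_ie(&s, ie, avail);
}

int main(void)
{
    printf("len 20:  %d\n", try_ie(20, 22));
    printf("len 255: %d\n", try_ie(255, 257));
    printf("short:   %d\n", try_ie(20, 10));
    return 0;
}
```

Rejecting the element outright, rather than truncating the copy to the buffer size, keeps a malformed IE from being stored in a partially parsed state.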