wlan: Fix buffer overwrite in csrRoamCheckForLinkStatusChange
Fix possible buffer overwrite in csrRoamCheckForLinkStatusChange
function on receiving eSIR_SME_JOINED_NEW_BSS message.
Change-Id: Icf4a39e0a2a291f1c084353985aa7952e3c8e136
CRs-Fixed: 2294790
diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c
index 92437a1..7734e0a 100644
--- a/CORE/SME/src/csr/csrApiRoam.c
+++ b/CORE/SME/src/csr/csrApiRoam.c
@@ -10508,11 +10508,14 @@
if(pNewBss)
{
vos_mem_copy(pIbssLog->bssid, pNewBss->bssId, 6);
- if(pNewBss->ssId.length)
- {
- vos_mem_copy(pIbssLog->ssid, pNewBss->ssId.ssId,
- pNewBss->ssId.length);
- }
+ if(pNewBss->ssId.length >
+ VOS_LOG_MAX_SSID_SIZE)
+ pNewBss->ssId.length =
+ VOS_LOG_MAX_SSID_SIZE;
+
+ vos_mem_copy(pIbssLog->ssid,
+ pNewBss->ssId.ssId,
+ pNewBss->ssId.length);
pIbssLog->operatingChannel = pNewBss->channelNumber;
}
if(HAL_STATUS_SUCCESS(ccmCfgGetInt(pMac, WNI_CFG_BEACON_INTERVAL, &bi)))