TDLS: Fix for potential buffer overflow
Static analyser is reporting errors for array bound
checking.
To resolve this, Check for condition array index
shouldn't exceed WNI_CFG_VALID_CHANNEL_LIST_LEN
before accessing ChannelList array.
CRs-Fixed: 696606
Change-Id: I52817fa3bb216838f250aecea2eb3e0143161e00
diff --git a/CORE/MAC/src/pe/lim/limProcessTdls.c b/CORE/MAC/src/pe/lim/limProcessTdls.c
index eb2c0bc..8101295 100644
--- a/CORE/MAC/src/pe/lim/limProcessTdls.c
+++ b/CORE/MAC/src/pe/lim/limProcessTdls.c
@@ -5399,6 +5399,12 @@
tANI_U8 *output_array,tANI_U8 *output_length)
{
tANI_U8 i,j,k=0,flag=0;
+
+ if (input1_length > WNI_CFG_VALID_CHANNEL_LIST_LEN)
+ {
+ input1_length = WNI_CFG_VALID_CHANNEL_LIST_LEN;
+ }
+
for(i=0;i<input1_length;i++)
{
flag=0;
@@ -5496,7 +5502,8 @@
pTdlsLinkEstablishReq->isOffChannelSupported;
pMsgTdlsLinkEstablishReq->isOffChannelSupported = 1;
- if ( 0 != pTdlsLinkEstablishReq->supportedChannelsLen)
+ if ((pTdlsLinkEstablishReq->supportedChannelsLen > 0) &&
+ (pTdlsLinkEstablishReq->supportedChannelsLen <= SIR_MAC_MAX_SUPP_CHANNELS))
{
tANI_U32 selfNumChans = WNI_CFG_VALID_CHANNEL_LIST_LEN;
tANI_U8 selfSupportedChannels[WNI_CFG_VALID_CHANNEL_LIST_LEN];