wlan: Fix possible buffer overflow
If channel index is greater than the max limit
(MAX_BSS_IN_NEIGHBOR_RPT), then it can result in out of bound
access. Also, if numChannels in scan request is greater than
SIR_ESE_MAX_MEAS_IE_REQS, then it can result in out of bound
access in limSendHalStartScanOffloadReq.
Add a check on index variable against MAX_BSS_IN_NEIGHBOR_RPT
in csrNeighborRoamCreateChanListFromNeighborReport and limit
the value of pScanReq->channelList.numChannels to
SIR_ESE_MAX_MEAS_IE_REQS in limSendHalStartScanOffloadReq
to make sure numChannel should not exceed the max limit.
Change-Id: Ic602443125cc30535018d23bd3f941307888c37e
CRs-Fixed: 2195886
2 files changed