27f1c544d6737bcb3dc4bb114badcd47ce946a8b - platform/vendor/qcom-opensource/wlan/qcacld-3.0

commit	27f1c544d6737bcb3dc4bb114badcd47ce946a8b	[log] [tgz]
author	Naveen Rawat <naveenrawat@codeaurora.org>	Thu Aug 17 11:39:01 2017 -0700
committer	snandini <snandini@codeaurora.org>	Mon Sep 25 11:22:11 2017 -0700
tree	868146fc5e2e66c65ad0bc51796d4cdc7f3b3737
parent	ae44d897dd3ea727a1caacf6933bd9ca621332df [diff]

qcacld-3.0: Fix Integer overflow with latest framesc_linux tool

This is qcacld-2.0 to qcacld-3.0 propagation

In get_container_ies_len size type for len is uint8_t.
len copies values from pBufRemaining.
There can be chance for integer overflow.
To avoid that make size type for len as uint32_t.

Change-Id: I305321a6631719808ef213571974ae23b0e61bb3
CRs-Fixed: 2064580

core/mac/src/include/dot11f.h[diff]
core/mac/src/sys/legacy/src/utils/src/dot11f.c[diff]

2 files changed

tree: 868146fc5e2e66c65ad0bc51796d4cdc7f3b3737

components/
core/
uapi/
Android.mk
Kbuild
Kconfig
Makefile
README.txt