3ef787b1ecdbd2b26982608efa530f1d7aab9922 - platform/vendor/qcom-opensource/wlan/qcacld-3.0

commit	3ef787b1ecdbd2b26982608efa530f1d7aab9922	[log] [tgz]
author	Abhinav Kumar <abhikuma@codeaurora.org>	Tue Apr 03 16:39:33 2018 +0530
committer	nshrivas <nshrivas@codeaurora.org>	Mon Apr 09 06:20:20 2018 -0700
tree	6aed3230f7280a29eeadf3a89bfa548a63609569
parent	1a0d818faee5313196a10deabb21fa6389109611 [diff]

qcacld-3.0: Fix to pass appropriate buffer length to unpack WPA IE

In lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message, length passed
to unpack WPA IE is length of WPA IE + 2 bytes extra
(rsn_ie->rsnIEdata[1] + 2) - 4. So in case of only WPA IE is present
in assoc request, the WPA IE parser will try to validate the buffer
beyond the WPA IE and might fail as the extra 2 bytes of buffer might
contains some garbage value.

Pass appropriate length to unpack WPA IE.

Change-Id: Ifad6fabf701a82abd4234569d108b4172adf2bcb
CRs-Fixed: 2217455

core/mac/src/pe/lim/lim_sme_req_utils.c[diff]

1 file changed

tree: 6aed3230f7280a29eeadf3a89bfa548a63609569

components/
core/
uapi/
Android.mk
Kbuild
Kconfig
Makefile
README.txt