qcacld-3.0: Fix possible heap overflow in lim_update_ext_cap_ie
In the function lim_process_set_default_scan_ie_request, memory
of MAX_DEFAULT_SCAN_IE_LEN (2048) is allocated for local_ie_buf.
This local_ie_buf accommodates the ie data and also the ext
capabilities. If the local_ie_len, that is used to copy the
ie_data to local_ie_buf is greater than
MAX_DEFAULT_SCAN_IE_LEN(2048) - (DOT11F_IE_EXTCAP_MAX_LEN(15) +
EXT_CAP_IE_HDR_LEN(2)), then heap overflow could occur.
Validate the MAX_DEFAULT_SCAN_IE_LEN against the difference
between MAX_DEFAULT_SCAN_IE_LEN and sum of EXT_CAP_IE_HDR_LEN
and DOT11F_IE_EXTCAP_MAX_LEN.
Change-Id: Id2f950440d69ddb09090643f8a426061c0d336c3
CRs-Fixed: 2231300
1 file changed