qcacld-3.0: Properly initialize and reset default_scan_ies_len
When the supplicant sets the default scan IEs through the wifi config command,
default_scan_ies_len is not properly initialized or reset, which leads to a memory overwrite.
Properly initialize the default_scan_ies_len on every wifi config set
of default scan ies from supplicant.
Change-Id: Ib26820e30019a30a7d6369d382d51b648b6b0d43
CRs-Fixed: 2036132
diff --git a/core/hdd/src/wlan_hdd_cfg80211.c b/core/hdd/src/wlan_hdd_cfg80211.c
index 3f32aa3..3b252d6 100644
--- a/core/hdd/src/wlan_hdd_cfg80211.c
+++ b/core/hdd/src/wlan_hdd_cfg80211.c
@@ -4612,14 +4612,19 @@
scan_info->default_scan_ies = NULL;
}
+ scan_info->default_scan_ies_len = ie_len;
+
if (add_qcn_ie)
- ie_len += (QCN_IE_HDR_LEN + QCN_IE_VERSION_SUBATTR_DATA_LEN);
+ ie_len += (QCN_IE_HDR_LEN + QCN_IE_VERSION_SUBATTR_LEN);
scan_info->default_scan_ies = qdf_mem_malloc(ie_len);
- if (!scan_info->default_scan_ies)
+ if (!scan_info->default_scan_ies) {
+ scan_info->default_scan_ies_len = 0;
return -ENOMEM;
+ }
- memcpy(scan_info->default_scan_ies, ie_data, ie_len);
+ qdf_mem_copy(scan_info->default_scan_ies, ie_data,
+ scan_info->default_scan_ies_len);
/* Add QCN IE if g_qcn_ie_support INI is enabled */
if (add_qcn_ie)
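Review bot: `scan_info->default_scan_ies_len = ie_len;` is stored before `qdf_mem_malloc()` has succeeded, so for a moment scan_info carries a non-zero length with a NULL `default_scan_ies`, and the failure branch has to remember to zero it again. Computing the allocation size in a local, `alloc_len = ie_len + (add_qcn_ie ? QCN_IE_HDR_LEN + QCN_IE_VERSION_SUBATTR_LEN : 0);`, and assigning `scan_info->default_scan_ies_len = ie_len;` only after the NULL check would keep pointer and length consistent on every path; whether another context can read scan_info in between is not visible here. The sum is also not range-checked, so if `ie_len` is a narrow type (its declaration is outside the hunk) a large supplicant-supplied length could wrap and under-allocate before the copy. The enclosing function starts and ends outside the hunk, including the QCN append that consumes the extra bytes, so a short comment next to the size computation naming that dependency would help keep the two in step.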