qcacld-3.0: Fix incorrect processing of encrypted auth frame
Fix incorrect processing of encrypted auth frame by allocating
appropriate local buffer and using correct type for frame length.
Change-Id: I87d6f4c3c43dd332d5b1877ddf4b3b46a717468b
CRs-Fixed: 2081734
diff --git a/core/mac/src/pe/lim/lim_process_auth_frame.c b/core/mac/src/pe/lim/lim_process_auth_frame.c
index 090f982..7e3863c 100644
--- a/core/mac/src/pe/lim/lim_process_auth_frame.c
+++ b/core/mac/src/pe/lim/lim_process_auth_frame.c
@@ -1042,7 +1042,7 @@
{
uint8_t *body_ptr, key_id, cfg_privacy_opt_imp;
uint8_t defaultkey[SIR_MAC_KEY_LENGTH];
- uint8_t plainbody[256];
+ uint8_t plainbody[LIM_ENCR_AUTH_BODY_LEN];
uint8_t decrypt_result;
uint16_t frame_len, curr_seq_num = 0;
uint32_t val, key_length = 8;
diff --git a/core/mac/src/pe/lim/lim_security_utils.c b/core/mac/src/pe/lim/lim_security_utils.c
index 28f31a6..81bda93 100644
--- a/core/mac/src/pe/lim/lim_security_utils.c
+++ b/core/mac/src/pe/lim/lim_security_utils.c
@@ -645,7 +645,7 @@
{
uint8_t i = ctx.i;
uint8_t j = ctx.j;
- uint8_t len = (uint8_t) frameLen;
+ uint16_t len = frameLen;
while (len-- > 0) {
uint8_t temp1, temp2;
@@ -717,7 +717,7 @@
/* Compute CRC-32 and place them in last 4 bytes of encrypted body */
lim_compute_crc32(icv,
(uint8_t *) pPlainBody,
- (uint8_t) (frameLen - SIR_MAC_WEP_ICV_LENGTH));
+ (frameLen - SIR_MAC_WEP_ICV_LENGTH));
/* Compare RX_ICV with computed ICV */
for (i = 0; i < SIR_MAC_WEP_ICV_LENGTH; i++) {