qcacld-3.0: Fix potential integer underflow in lim_parse_kde_elements
In function lim_parse_kde_elements, elem_len is obtained from the
assoc response IE buffer and is used to decrement rem_len in the
while loop. If the value of elem_len is greater than rem_len, an
integer underflow would happen to rem_len leading to buffer overread.
Also, if elem_len is greater than kde_list_len, a buffer overread
would occur when incrementing the temp_ie pointer.
Add sanity check to make sure elem_len is not greater than
kde_list_len or rem_len.
Change-Id: If126bb0e14b57f3594679b91d54cc0f1ffaa6f66
CRs-Fixed: 2152946
1 file changed