qcacld-3.0: Add validation code in __lim_process_roam_scan_offload_req
In function __lim_process_roam_scan_offload_req add validation code
to avoid buffer overflow during memcopy.
Change-Id: I2ac02e276dd7e4df0a6dffe58181ff538b49ed74
CRs-Fixed: 1082162
(cherry picked from commit 9806f9cfe464fb7ebebbf1a1f27c2b0b39cb1ffd)
diff --git a/core/mac/src/pe/lim/lim_process_sme_req_messages.c b/core/mac/src/pe/lim/lim_process_sme_req_messages.c
index 03936bd..9bf72ec 100644
--- a/core/mac/src/pe/lim/lim_process_sme_req_messages.c
+++ b/core/mac/src/pe/lim/lim_process_sme_req_messages.c
@@ -4165,9 +4165,12 @@
if (local_ie_len &&
!lim_update_ext_cap_ie(mac_ctx, req_buffer->assoc_ie.addIEdata,
local_ie_buf, &local_ie_len)) {
- req_buffer->assoc_ie.length = local_ie_len;
- qdf_mem_copy(req_buffer->assoc_ie.addIEdata, local_ie_buf,
- local_ie_len);
+ if (local_ie_len <=
+ QDF_ARRAY_SIZE(req_buffer->assoc_ie.addIEdata)) {
+ req_buffer->assoc_ie.length = local_ie_len;
+ qdf_mem_copy(req_buffer->assoc_ie.addIEdata,
+ local_ie_buf, local_ie_len);
+ }
}
qdf_mem_free(local_ie_buf);