qcacld-2.0: Avoid buffer overflow qcacld-3.0 to qcacld-2.0 propagation Add max check for probe request length against max length of probe request buffer to avoid buffer overflow. Change-Id: Ie0fad7443b2c749c66bb9ad662625a16d3a840c3 CRs-Fixed: 2155808

commit: 3cfb5c3ab5b4be1d97ded6543619294439786b61 [log] [tgz]
author: Padma, Santhosh Kumar <skpadma@codeaurora.org> Fri Dec 08 17:48:10 2017 +0530
committer: Anjaneedevi Kapparapu <akappara@codeaurora.org> Thu Feb 01 15:22:42 2018 +0530
tree: 75390f6c316e016f13bf9164308db7a29bd16aa7
parent: a52772c8be1b1e74ec88b3d2ef8f8a25ae273ce8 [diff]
diff --git a/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c b/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c
index bcd7a10..c04dda1 100644
--- a/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c
+++ b/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c

@@ -742,6 +742,10 @@
 
     MTRACE(macTrace(pMac, TRACE_CODE_TX_SME_MSG, psessionEntry->peSessionId,
                                                                msgQ.type));
+
+    if (ProbeReqIELen > sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE))
+        ProbeReqIELen = sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE);
+
     pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIELen = (tANI_U16)ProbeReqIELen;
     vos_mem_copy(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE, pProbeReqIE, ProbeReqIELen);
commit	3cfb5c3ab5b4be1d97ded6543619294439786b61	[log] [tgz]
author	Padma, Santhosh Kumar <skpadma@codeaurora.org>	Fri Dec 08 17:48:10 2017 +0530
committer	Anjaneedevi Kapparapu <akappara@codeaurora.org>	Thu Feb 01 15:22:42 2018 +0530
tree	75390f6c316e016f13bf9164308db7a29bd16aa7
parent	a52772c8be1b1e74ec88b3d2ef8f8a25ae273ce8 [diff]