qcacld-2.0: Avoid buffer overflow
qcacld-3.0 to qcacld-2.0 propagation
Add max check for probe request length against max length of probe
request buffer to avoid buffer overflow.
Change-Id: Ie0fad7443b2c749c66bb9ad662625a16d3a840c3
CRs-Fixed: 2155808
diff --git a/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c b/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c
index bcd7a10..c04dda1 100644
--- a/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c
+++ b/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c
@@ -742,6 +742,10 @@
MTRACE(macTrace(pMac, TRACE_CODE_TX_SME_MSG, psessionEntry->peSessionId,
msgQ.type));
+
+ if (ProbeReqIELen > sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE))
+ ProbeReqIELen = sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE);
+
pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIELen = (tANI_U16)ProbeReqIELen;
vos_mem_copy(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE, pProbeReqIE, ProbeReqIELen);