deea7a8746e2fb15b319cf6337b6539501bbef23 - imx-board-wlan-src

commit	deea7a8746e2fb15b319cf6337b6539501bbef23	[log] [tgz]
author	Nachiket Kukade <nkukade@codeaurora.org>	Mon Jan 15 12:30:13 2018 +0530
committer	Anjaneedevi Kapparapu <akappara@codeaurora.org>	Thu Feb 01 15:22:51 2018 +0530
tree	f0ec52e93529fe4f993348bbadd0174ef52f61a0
parent	c10ef6ac787b7f83e2997234babaf1615ad308a2 [diff]

qcacld-2.0: Add maximum bound check on WPA RSN IE length

In set_ie after receiving DOT11F_EID_RSN, WPA RSN IE is copied from
source without a check on the given IE length. A malicious IE length
can cause buffer overflow.

Apply the same logic from Id159d307e8f9c1de720d4553a7c29f23cbd28571
that was applied under DOT11F_EID_WPA. This adds maximum bound check
on WPA RSN IE length.

Change-Id: I04f980fe44328b1a3f6a6d4854228cc4c9f1a1c7
CRs-Fixed: 2169222

CORE/HDD/src/wlan_hdd_cfg80211.c[diff]

1 file changed

tree: f0ec52e93529fe4f993348bbadd0174ef52f61a0

CORE/
firmware_bin/
wcnss/
Android.mk
Kbuild
Kconfig
Makefile