commit | deea7a8746e2fb15b319cf6337b6539501bbef23 | [log] [tgz] |
---|---|---|
author | Nachiket Kukade <nkukade@codeaurora.org> | Mon Jan 15 12:30:13 2018 +0530 |
committer | Anjaneedevi Kapparapu <akappara@codeaurora.org> | Thu Feb 01 15:22:51 2018 +0530 |
tree | f0ec52e93529fe4f993348bbadd0174ef52f61a0 | |
parent | c10ef6ac787b7f83e2997234babaf1615ad308a2 [diff] |
qcacld-2.0: Add maximum bound check on WPA RSN IE length In set_ie after receiving DOT11F_EID_RSN, WPA RSN IE is copied from source without a check on the given IE length. A malicious IE length can cause buffer overflow. Apply the same logic from Id159d307e8f9c1de720d4553a7c29f23cbd28571 that was applied under DOT11F_EID_WPA. This adds maximum bound check on WPA RSN IE length. Change-Id: I04f980fe44328b1a3f6a6d4854228cc4c9f1a1c7 CRs-Fixed: 2169222