Ana Sayfa Keşfet Yardım
Giriş Yap
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Kaynağa Gözat

qcacld-3.0: Add check for min buffer length in find_ie_defn

In find_ie_defn function, if the current IE is an Ext IE with EID=255,
the third byte of the IE is accessed to get the extn_eid. However, if
the actual buffer length is less than 3, then an OOB read would occur
while trying to access extn_eid.

Add check to access pbuf + 2 for extn_eid only if nbuf is greater than 2.

Change-Id: Id9708176affe35a85eb21a07901ae8ed62b78b9e
CRs-Fixed: 2237141
Vignesh Viswanathan 7 yıl önce
ebeveyn
39cec0833b
işleme
053efa32c8
2 değiştirilmiş dosya ile 4 ekleme ve 21 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 1 10
      core/mac/src/include/dot11f.h
  2. 3 11
      core/mac/src/sys/legacy/src/utils/src/dot11f.c

+ 1 - 10
core/mac/src/include/dot11f.h
Dosyayı Görüntüle 

@@ -1,9 +1,6 @@
 
 /*
 
  * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved.
 
  *
 
- * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
 
- *
 
- *
 
  * Permission to use, copy, modify, and/or distribute this software for
 
  * any purpose with or without fee is hereby granted, provided that the
 
  * above copyright notice and this permission notice appear in all
 
@@ -19,12 +16,6 @@
 
  * PERFORMANCE OF THIS SOFTWARE.
 
  */
 
 
-/*
 
- * This file was originally distributed by Qualcomm Atheros, Inc.
 
- * under proprietary terms before Copyright ownership was assigned
 
- * to the Linux Foundation.
 
- */
 
-
 
 #ifndef DOT11F_H
 
 #define DOT11F_H
 
 /*
 
@@ -35,7 +26,7 @@
 
  *
 
  *
 
  * This file was automatically generated by 'framesc'
 
- * Fri Apr 27 16:11:55 2018 from the following file(s):
 
+ * Thu May 10 17:05:13 2018 from the following file(s):
 
  *
 
  * dot11f.frms
 
  *

+ 3 - 11
core/mac/src/sys/legacy/src/utils/src/dot11f.c
Dosyayı Görüntüle 

@@ -1,9 +1,6 @@
 
 /*
 
  * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved.
 
  *
 
- * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
 
- *
 
- *
 
  * Permission to use, copy, modify, and/or distribute this software for
 
  * any purpose with or without fee is hereby granted, provided that the
 
  * above copyright notice and this permission notice appear in all
 
@@ -19,12 +16,6 @@
 
  * PERFORMANCE OF THIS SOFTWARE.
 
  */
 
 
-/*
 
- * This file was originally distributed by Qualcomm Atheros, Inc.
 
- * under proprietary terms before Copyright ownership was assigned
 
- * to the Linux Foundation.
 
- */
 
-
 
 /*
 
  * \file dot11f.c
 
  *
 
@@ -33,7 +24,7 @@
 
  *
 
  *
 
  * This file was automatically generated by 'framesc'
 
- * Fri Apr 27 16:11:55 2018 from the following file(s):
 
+ * Thu May 10 17:05:13 2018 from the following file(s):
 
  *
 
  * dot11f.frms
 
  *
 
@@ -306,7 +297,8 @@ static const tIEDefn *find_ie_defn(tpAniSirGlobal pCtx,
 
 	while (0xff != pIe->eid || pIe->extn_eid) {
 
 		if (*pBuf == pIe->eid) {
 
 			if (pIe->eid == 0xff) {
 
-				if ((*(pBuf + 2)) == pIe->extn_eid)
 
+				if ((nBuf > 2) &&
 
+				    (*(pBuf + 2)) == pIe->extn_eid)
 
 					return pIe;
 
 			} else {
 
 				if (0 == pIe->noui)