From 0daa786397f25196207ffd7ad16be85e81bfba9f Mon Sep 17 00:00:00 2001
From: Min Liu
Date: Mon, 4 Mar 2019 15:38:14 +0800
Subject: [PATCH] qcacld-3.0: Parse IE from ASSOC_REQ_IE_OFFSET in assoc req

Random failure is observed when trying to parse RSN IE from assoc_ind->assocReqPtr in sap_fill_owe_ie_in_assoc_ind. It should be parsed from ASSOC_REQ_IE_OFFSET.

Change-Id: I8f532f8850a7d997e0227a9e00d4285297243495
CRs-Fixed: 2408770
---
 core/sap/src/sap_fsm.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/core/sap/src/sap_fsm.c b/core/sap/src/sap_fsm.c
index c906311af7..f04873c7e8 100644
--- a/core/sap/src/sap_fsm.c
+++ b/core/sap/src/sap_fsm.c
@@ -1361,9 +1361,14 @@ static bool sap_fill_owe_ie_in_assoc_ind(tSap_StationAssocIndication *assoc_ind,
 uint32_t owe_ie_len, rsn_ie_len, dh_ie_len;
 const uint8_t *rsn_ie, *dh_ie;

+ if (assoc_ind->assocReqLength < ASSOC_REQ_IE_OFFSET) {
+ QDF_TRACE_ERROR(QDF_MODULE_ID_SAP, "Invalid assoc req");
+ return false;
+ }
+
 rsn_ie = wlan_get_ie_ptr_from_eid(DOT11F_EID_RSN,
- assoc_ind->assocReqPtr,
- assoc_ind->assocReqLength);
+ assoc_ind->assocReqPtr + ASSOC_REQ_IE_OFFSET,
+ assoc_ind->assocReqLength - ASSOC_REQ_IE_OFFSET);
 if (!rsn_ie) {
 QDF_TRACE_ERROR(QDF_MODULE_ID_SAP, "RSN IE is not present");
 return false;
@@ -1377,8 +1382,8 @@ static bool sap_fill_owe_ie_in_assoc_ind(tSap_StationAssocIndication *assoc_ind,
 }

 dh_ie = wlan_get_ext_ie_ptr_from_ext_id(DH_OUI_TYPE, DH_OUI_TYPE_SIZE,
- assoc_ind->assocReqPtr,
- (uint16_t)assoc_ind->assocReqLength);
+ assoc_ind->assocReqPtr + ASSOC_REQ_IE_OFFSET,
+ (uint16_t)(assoc_ind->assocReqLength - ASSOC_REQ_IE_OFFSET));
 if (!dh_ie) {
 QDF_TRACE_ERROR(QDF_MODULE_ID_SAP, "DH IE is not present");
 return false;
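Review bot: The offset arithmetic that the new length guard protects is written out by hand in both lookups, `assocReqPtr + ASSOC_REQ_IE_OFFSET` and `assocReqLength - ASSOC_REQ_IE_OFFSET` here for the RSN IE and again for the DH IE in the next hunk, so a later edit to one call can drift away from the check. Computing the window once right after the guard, `const uint8_t *ies = assoc_ind->assocReqPtr + ASSOC_REQ_IE_OFFSET;` and `uint32_t ies_len = assoc_ind->assocReqLength - ASSOC_REQ_IE_OFFSET;` (type to match assocReqLength, whose declaration is not visible here), and passing `ies`/`ies_len` to both helpers keeps the subtraction next to the test that makes it safe. The guard also tests only the length; whether assocReqPtr can be NULL at this point cannot be told from the hunk, since the function starts and continues outside it. It is also worth confirming that this indication is never filled from a reassociation request, whose 802.11 body carries an extra fixed field (Current AP address) before the elements, because a single fixed offset would then start the IE walk inside that field.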
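Review bot: The `(uint16_t)` cast in the DH IE lookup still truncates silently, now applied to `assocReqLength - ASSOC_REQ_IE_OFFSET`, while the RSN lookup in the previous hunk passes the same difference uncast, so for a large length the two searches would cover different windows of the same buffer. Truncation shrinks the window rather than growing it, so this reads as a parsing-consistency problem rather than an over-read, but it can make a present DH IE look absent. The type of assocReqLength is not visible here; if it is wider than 16 bits, the guard added at the top of the function could reject oversized requests up front, `if (assoc_ind->assocReqLength < ASSOC_REQ_IE_OFFSET || assoc_ind->assocReqLength - ASSOC_REQ_IE_OFFSET > UINT16_MAX) {`, which makes the cast provably lossless. The function body continues past the end of this hunk.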