Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Эх сурвалжийг харах

qcacld-3.0: Parse IE from ASSOC_REQ_IE_OFFSET in assoc req

Random failure is observed when trying to parse RSN IE from
assoc_ind->assocReqPtr in sap_fill_owe_ie_in_assoc_ind.
It should be parsed from ASSOC_REQ_IE_OFFSET.

Change-Id: I8f532f8850a7d997e0227a9e00d4285297243495
CRs-Fixed: 2408770
Min Liu 6 жил өмнө
parent
5f863eec8d
commit
0daa786397
1 өөрчлөгдсөн 9 нэмэгдсэн , 4 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 9 4
      core/sap/src/sap_fsm.c

+ 9 - 4
core/sap/src/sap_fsm.c
Файл харах 

@@ -1361,9 +1361,14 @@ static bool sap_fill_owe_ie_in_assoc_ind(tSap_StationAssocIndication *assoc_ind,
 
 	uint32_t owe_ie_len, rsn_ie_len, dh_ie_len;
 
 	const uint8_t *rsn_ie, *dh_ie;
 
 
+	if (assoc_ind->assocReqLength < ASSOC_REQ_IE_OFFSET) {
 
+		QDF_TRACE_ERROR(QDF_MODULE_ID_SAP, "Invalid assoc req");
 
+		return false;
 
+	}
 
+
 
 	rsn_ie = wlan_get_ie_ptr_from_eid(DOT11F_EID_RSN,
 
-					  assoc_ind->assocReqPtr,
 
-					  assoc_ind->assocReqLength);
 
+			       assoc_ind->assocReqPtr + ASSOC_REQ_IE_OFFSET,
 
+			       assoc_ind->assocReqLength - ASSOC_REQ_IE_OFFSET);
 
 	if (!rsn_ie) {
 
 		QDF_TRACE_ERROR(QDF_MODULE_ID_SAP, "RSN IE is not present");
 
 		return false;
 
@@ -1377,8 +1382,8 @@ static bool sap_fill_owe_ie_in_assoc_ind(tSap_StationAssocIndication *assoc_ind,
 
 	}
 
 
 	dh_ie = wlan_get_ext_ie_ptr_from_ext_id(DH_OUI_TYPE, DH_OUI_TYPE_SIZE,
 
-					   assoc_ind->assocReqPtr,
 
-					   (uint16_t)assoc_ind->assocReqLength);
 
+		   assoc_ind->assocReqPtr + ASSOC_REQ_IE_OFFSET,
 
+		   (uint16_t)(assoc_ind->assocReqLength - ASSOC_REQ_IE_OFFSET));
 
 	if (!dh_ie) {
 
 		QDF_TRACE_ERROR(QDF_MODULE_ID_SAP, "DH IE is not present");
 
 		return false;