samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Fix OOB ready when find fils session ie

Browse Source 
This change fixed potential OOB read when find fils session ie.

Change-Id: I385fccf11f8368ad63985bfb7fe25bf9fb7fe09d
CRs-Fixed: 3234954
This commit is contained in:
Wu Gao
2022-07-04 15:26:37 +08:00
committed by Madan Koyyalamudi
parent da71bc9d01
commit 1a1ae8d89e
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/mac/src/pe/lim/lim_process_fils.c
View File

@@ -1956,8 +1956,8 @@ static QDF_STATUS find_ie_data_after_fils_session_ie(struct mac_context *mac_ctx
if (elem_len > left)
return QDF_STATUS_E_FAILURE;
if (elem_id == WLAN_REQUEST_IE_MAX_LEN &&
ptr[2] == SIR_FILS_SESSION_EXT_EID) {
if ((elem_id == WLAN_REQUEST_IE_MAX_LEN) &&
(left >= 3 && ptr[2] == SIR_FILS_SESSION_EXT_EID)) {
(*ie) = ((&ptr[1]) + ptr[1] + 1);
(*ie_len) = (left - elem_len);
return QDF_STATUS_SUCCESS;