|
@@ -345,6 +345,13 @@ static uint32_t lim_process_fils_eap_tlv(tpPESession pe_session,
|
|
|
|
|
|
pe_debug("tlv type %x len %u total %u",
|
|
|
tlv->type, tlv->length, data_len);
|
|
|
+
|
|
|
+ if (tlv->length > (data_len - 2)) {
|
|
|
+ pe_err("tlv len %d greater data_len %d",
|
|
|
+ tlv->length, data_len);
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
+
|
|
|
switch (tlv->type) {
|
|
|
case SIR_FILS_EAP_TLV_KEYNAME_NAI:
|
|
|
auth_info->keyname = qdf_mem_malloc(tlv->length);
|