|
@@ -2689,7 +2689,7 @@ util_scan_parse_beacon_frame(struct wlan_objmgr_pdev *pdev,
|
|
|
struct wlan_frame_hdr *hdr;
|
|
struct wlan_frame_hdr *hdr;
|
|
|
uint8_t *mbssid_ie = NULL;
|
|
uint8_t *mbssid_ie = NULL;
|
|
|
uint32_t ie_len = 0;
|
|
uint32_t ie_len = 0;
|
|
|
- QDF_STATUS status;
|
|
|
|
|
|
|
+ QDF_STATUS status = QDF_STATUS_E_FAILURE;
|
|
|
struct scan_mbssid_info mbssid_info = { 0 };
|
|
struct scan_mbssid_info mbssid_info = { 0 };
|
|
|
|
|
|
|
|
hdr = (struct wlan_frame_hdr *)frame;
|
|
hdr = (struct wlan_frame_hdr *)frame;
|
|
@@ -2702,6 +2702,10 @@ util_scan_parse_beacon_frame(struct wlan_objmgr_pdev *pdev,
|
|
|
mbssid_ie = util_scan_find_ie(WLAN_ELEMID_MULTIPLE_BSSID,
|
|
mbssid_ie = util_scan_find_ie(WLAN_ELEMID_MULTIPLE_BSSID,
|
|
|
(uint8_t *)&bcn->ie, ie_len);
|
|
(uint8_t *)&bcn->ie, ie_len);
|
|
|
if (mbssid_ie) {
|
|
if (mbssid_ie) {
|
|
|
|
|
+ if (mbssid_ie[1] <= 0) {
|
|
|
|
|
+ scm_debug("MBSSID IE length is wrong %d", mbssid_ie[1]);
|
|
|
|
|
+ return status;
|
|
|
|
|
+ }
|
|
|
qdf_mem_copy(&mbssid_info.trans_bssid,
|
|
qdf_mem_copy(&mbssid_info.trans_bssid,
|
|
|
hdr->i_addr3, QDF_MAC_ADDR_SIZE);
|
|
hdr->i_addr3, QDF_MAC_ADDR_SIZE);
|
|
|
mbssid_info.profile_count = 1 << mbssid_ie[2];
|
|
mbssid_info.profile_count = 1 << mbssid_ie[2];
|
Sandeep Puligilla