qcacld-3.0: Fix OOB when copy link beacon IE
The link beacon in the roam sync frame event may not be for the actual link when roaming to an AP with 2+ links; in that case the right link beacon is fetched from the scan cache, but its size may be larger. If the buffer used to save the beacon IE from the scan cache is allocated with the link beacon size from the roam sync frame event, an OOB access will happen. To fix it, use the max mgmt MPDU size when allocating the buffer that saves the beacon IE during roaming. Change-Id: I08fc52ce26edc1f02365837a1ed7a632ed7c6706 CRs-Fixed: 3667410

committed by
Ravindra Konda

parent
b7a4145750
commit
3bc76fab1b
@@ -577,9 +577,8 @@ QDF_STATUS cm_roam_sync_event_handler_cb(struct wlan_objmgr_vdev *vdev,
|
|||||||
sync_ind->link_beacon_probe_resp_length) {
|
sync_ind->link_beacon_probe_resp_length) {
|
||||||
if (sync_ind->link_beacon_probe_resp_length >
|
if (sync_ind->link_beacon_probe_resp_length >
|
||||||
(QDF_IEEE80211_3ADDR_HDR_LEN + MAC_B_PR_SSID_OFFSET)) {
|
(QDF_IEEE80211_3ADDR_HDR_LEN + MAC_B_PR_SSID_OFFSET)) {
|
||||||
ie_len = sync_ind->link_beacon_probe_resp_length -
|
ie_len = MAX_MGMT_MPDU_LEN -
|
||||||
(QDF_IEEE80211_3ADDR_HDR_LEN +
|
(QDF_IEEE80211_3ADDR_HDR_LEN + MAC_B_PR_SSID_OFFSET);
|
||||||
MAC_B_PR_SSID_OFFSET);
|
|
||||||
} else {
|
} else {
|
||||||
mlme_err("LFR3: MLO: vdev:%d Invalid link Beacon Length",
|
mlme_err("LFR3: MLO: vdev:%d Invalid link Beacon Length",
|
||||||
vdev_id);
|
vdev_id);
|
||||||
|
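Review bot: With `ie_len = MAX_MGMT_MPDU_LEN - (QDF_IEEE80211_3ADDR_HDR_LEN + MAC_B_PR_SSID_OFFSET);`, `ie_len` becomes the capacity of the buffer rather than the length of the IE data, and nothing in this hunk ties the later copy to that capacity. The allocation and the copy of the scan-cache beacon IE are outside the hunk, so whether the copy is bounded cannot be seen here; if it is not, the fix holds only as long as no scan-cache entry carries more IE bytes than this maximum. I would add an explicit check at the copy site, along the lines of `if (<scan-cache IE length> > ie_len) { /* log and fail the roam sync */ }` (placeholder name, the real field is not visible here), and track the number of bytes actually copied separately so later IE parsing does not walk the unused tail. A comment above the assignment would also help: `/* capacity for the largest mgmt frame: the link beacon from the scan cache can be larger than the one in the roam sync frame event */`. cm_roam_sync_event_handler_cb starts and ends outside this hunk.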