Accueil Explorer Aide
Connexion
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

qcacld-3.0: Fix out-of-bound in wlan_mlo_parse_bcn_prbresp_t2lm_ie

Currently, In the MLO t2lm API, wlan_mlo_parse_bcn_prbresp_t2lm_ie
is missing frame boundary checks which may lead to out-of-bound
reads if the lengths are not checked by the caller.

Fix is, while parsing t2lm ie pass the frame length and add
check for frame boundary.

CRs-Fixed: 3707241
Change-Id: Ic83638eff2250a704df8dfa8bd233238fcc7a25b
Deeksha Gupta il y a 1 an
Parent
7ba6afa8c1
commit
52f263b2e3
1 fichiers modifiés avec 2 ajouts et 1 suppressions
Vue séparée Afficher les stats Diff
  1. 2 1
      components/umac/mlme/mlo_mgr/src/wlan_t2lm_api.c

+ 2 - 1
components/umac/mlme/mlo_mgr/src/wlan_t2lm_api.c
Voir le fichier 

@@ -504,7 +504,8 @@ wlan_t2lm_validate_candidate(struct cnx_mgr *cm_ctx,
 
 	}
 
 
 	status = wlan_mlo_parse_bcn_prbresp_t2lm_ie(&t2lm_ctx,
 
-						    scan_entry->ie_list.t2lm[0]);
 
+					util_scan_entry_t2lm(scan_entry),
 
+					util_scan_entry_t2lm_len(scan_entry));
 
 	if (QDF_IS_STATUS_ERROR(status))
 
 		goto end;