|
|
@@ -2091,7 +2091,16 @@ static int wma_fill_roam_synch_buffer(tp_wma_handle wma,
|
|
|
|
|
|
fils_info = (wmi_roam_fils_synch_tlv_param *)
|
|
|
(param_buf->roam_fils_synch_info);
|
|
|
- if (param_buf->roam_fils_synch_info) {
|
|
|
+ if (fils_info) {
|
|
|
+ if ((fils_info->kek_len > SIR_KEK_KEY_LEN_FILS) ||
|
|
|
+ (fils_info->pmk_len > SIR_PMK_LEN)) {
|
|
|
+ WMA_LOGE("%s: Invalid kek_len %d or pmk_len %d",
|
|
|
+ __func__,
|
|
|
+ fils_info->kek_len,
|
|
|
+ fils_info->pmk_len);
|
|
|
+ return -EINVAL;
|
|
|
+ }
|
|
|
+
|
|
|
roam_synch_ind_ptr->kek_len = fils_info->kek_len;
|
|
|
qdf_mem_copy(roam_synch_ind_ptr->kek, fils_info->kek,
|
|
|
fils_info->kek_len);
|
Vignesh Viswanathan