Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

qcacld-3.0: Check length of ciphered text and avoid to OOB read

Potential OOB access ciphered text since no length check before reading.

Change-Id: I2332e14e0b28286018bcf5bcfe25a1925f46cf0f
CRs-Fixed: 3241763
Wu Gao 2 years ago
parent
85e898d01a
commit
71b3a1294c
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      core/mac/src/pe/lim/lim_process_fils.c

+ 1 - 1
core/mac/src/pe/lim/lim_process_fils.c
View File 

@@ -2158,7 +2158,7 @@ static int fils_aead_decrypt(const uint8_t *kek, unsigned int kek_len,
 
 	}
 
 
 	if (!own_mac || !bssid || !snonce ||
 
-	    !anonce || data_len == 0 || ciphered_text_len == 0 ||
 
+	    !anonce || data_len == 0 || ciphered_text_len < AES_BLOCK_SIZE ||
 
 	    !plain_text) {
 
 		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
 
 			  FL("Error missing params mac:%pK bssid:%pK snonce:%pK anonce:%pK data_len:%zu ciphered_text_len:%zu plain_text:%pK"),