|
|
@@ -1,5 +1,5 @@
|
|
|
/*
|
|
|
- * Copyright (c) 2017-2020 The Linux Foundation. All rights reserved.
|
|
|
+ * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved.
|
|
|
*
|
|
|
* Permission to use, copy, modify, and/or distribute this software for
|
|
|
* any purpose with or without fee is hereby granted, provided that the
|
|
|
@@ -556,6 +556,7 @@ static bool scm_is_fils_config_match(struct scan_filter *filter,
|
|
|
int i;
|
|
|
struct fils_indication_ie *indication_ie;
|
|
|
uint8_t *data;
|
|
|
+ uint8_t *end_ptr;
|
|
|
|
|
|
if (!filter->fils_scan_filter.realm_check)
|
|
|
return true;
|
|
|
@@ -566,14 +567,19 @@ static bool scm_is_fils_config_match(struct scan_filter *filter,
|
|
|
indication_ie =
|
|
|
(struct fils_indication_ie *)db_entry->ie_list.fils_indication;
|
|
|
|
|
|
+ end_ptr = (uint8_t *)indication_ie + indication_ie->len + 2;
|
|
|
data = indication_ie->variable_data;
|
|
|
- if (indication_ie->is_cache_id_present)
|
|
|
+
|
|
|
+ if (indication_ie->is_cache_id_present &&
|
|
|
+ (data + CACHE_IDENTIFIER_LEN) < end_ptr)
|
|
|
data += CACHE_IDENTIFIER_LEN;
|
|
|
|
|
|
- if (indication_ie->is_hessid_present)
|
|
|
+ if (indication_ie->is_hessid_present &&
|
|
|
+ (data + HESSID_LEN) < end_ptr)
|
|
|
data += HESSID_LEN;
|
|
|
|
|
|
- for (i = 1; i <= indication_ie->realm_identifiers_cnt; i++) {
|
|
|
+ for (i = 1; i <= indication_ie->realm_identifiers_cnt &&
|
|
|
+ (data + REALM_HASH_LEN) < end_ptr; i++) {
|
|
|
if (!qdf_mem_cmp(filter->fils_scan_filter.fils_realm,
|
|
|
data, REALM_HASH_LEN))
|
|
|
return true;
|
Deeksha Gupta