From 90a5a30c3bc56613e23e2c098539fb6e568ae498 Mon Sep 17 00:00:00 2001
From: Amruta Kulkarni
Date: Thu, 28 Oct 2021 18:14:47 -0700
Subject: [PATCH] qcacld-3.0: Fix check for SAE frame length

For SAE preauth and auth frame api fix frame length checks.

Change-Id: I573ec898d810c4f5f81d4d1bbda5681b9edacc5c
CRs-Fixed: 3064386
---
 core/mac/src/pe/lim/lim_process_auth_frame.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/mac/src/pe/lim/lim_process_auth_frame.c b/core/mac/src/pe/lim/lim_process_auth_frame.c
index 5138b40786..ee8adb30f2 100644
--- a/core/mac/src/pe/lim/lim_process_auth_frame.c
+++ b/core/mac/src/pe/lim/lim_process_auth_frame.c
@@ -465,7 +465,7 @@ static void lim_process_sae_auth_frame(struct mac_context *mac_ctx,
 if (LIM_IS_STA_ROLE(pe_session)) {
 auth_algo = *(uint16_t *)body_ptr;
- if (frame_len > (SAE_AUTH_STATUS_CODE_OFFSET + 2)) {
+ if (frame_len >= (SAE_AUTH_STATUS_CODE_OFFSET + 2)) {
 sae_auth_seq = *(uint16_t *)(body_ptr + SAE_AUTH_SEQ_NUM_OFFSET);
@@ -1702,7 +1702,7 @@ bool lim_process_sae_preauth_frame(struct mac_context *mac, uint8_t *rx_pkt)
 if (auth_alg != eSIR_AUTH_TYPE_SAE)
 return false;
- if (frm_len > (SAE_AUTH_STATUS_CODE_OFFSET + 2)) {
+ if (frm_len >= (SAE_AUTH_STATUS_CODE_OFFSET + 2)) {
 sae_auth_seq = *(uint16_t *)(frm_body + SAE_AUTH_SEQ_NUM_OFFSET);
 sae_status_code =
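Review bot: In lim_process_sae_auth_frame the context line `auth_algo = *(uint16_t *)body_ptr;` still reads two bytes of the frame body before any length test visible in this hunk, so the corrected `>=` guard covers only the sequence-number and status-code reads. If nothing earlier in the function (which begins outside the hunk) already rejects a body shorter than two bytes, a guard such as `if (frame_len < sizeof(uint16_t)) return;` ahead of that read, or moving the read inside the guarded block, would close the gap. The second hunk, in lim_process_sae_preauth_frame, compares `auth_alg` ahead of its own length test and deserves the same look. A short comment on the guard, for example `/* status code is 2 bytes at SAE_AUTH_STATUS_CODE_OFFSET, so offset + 2 bytes must be present */`, would keep the boundary from drifting back to `>`.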