qcacld-3.0: Fix check for SAE frame length

Fix the frame length checks in the SAE preauth and
auth frame APIs.

Change-Id: I573ec898d810c4f5f81d4d1bbda5681b9edacc5c
CRs-Fixed: 3064386
Amruta Kulkarni
2021-10-28 18:14:47 -07:00
committed by Madan Koyyalamudi
parent bc3462e8fc
commit 90a5a30c3b


@@ -465,7 +465,7 @@ static void lim_process_sae_auth_frame(struct mac_context *mac_ctx,
if (LIM_IS_STA_ROLE(pe_session)) { if (LIM_IS_STA_ROLE(pe_session)) {
auth_algo = *(uint16_t *)body_ptr; auth_algo = *(uint16_t *)body_ptr;
if (frame_len > (SAE_AUTH_STATUS_CODE_OFFSET + 2)) { if (frame_len >= (SAE_AUTH_STATUS_CODE_OFFSET + 2)) {
sae_auth_seq = sae_auth_seq =
*(uint16_t *)(body_ptr + *(uint16_t *)(body_ptr +
SAE_AUTH_SEQ_NUM_OFFSET); SAE_AUTH_SEQ_NUM_OFFSET);
@@ -1702,7 +1702,7 @@ bool lim_process_sae_preauth_frame(struct mac_context *mac, uint8_t *rx_pkt)
if (auth_alg != eSIR_AUTH_TYPE_SAE) if (auth_alg != eSIR_AUTH_TYPE_SAE)
return false; return false;
if (frm_len > (SAE_AUTH_STATUS_CODE_OFFSET + 2)) { if (frm_len >= (SAE_AUTH_STATUS_CODE_OFFSET + 2)) {
sae_auth_seq = sae_auth_seq =
*(uint16_t *)(frm_body + SAE_AUTH_SEQ_NUM_OFFSET); *(uint16_t *)(frm_body + SAE_AUTH_SEQ_NUM_OFFSET);
sae_status_code = sae_status_code =
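Review bot: In lim_process_sae_auth_frame, `auth_algo = *(uint16_t *)body_ptr;` reads two bytes of the frame body before any length comparison visible in this hunk, so the corrected `>=` bound covers the sequence-number and status-code reads but not this one. The function starts outside the hunk, so an earlier minimum-length check may already exist; if it does not, a guard such as `if (frame_len < sizeof(uint16_t)) return;` (or the function's existing error path) ahead of that read would close the gap. The same question applies to the `auth_alg` value tested in lim_process_sae_preauth_frame, whose read is also outside the hunk. A short comment on both comparisons, for example `/* need the 2-byte status code at SAE_AUTH_STATUS_CODE_OFFSET */`, would record why the bound is inclusive.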