Home Esplora Aiuto
Accedi
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Sfoglia il codice sorgente

qcacld-3.0: Skip an IE if found more its max times in a frame

Check if a IE has been encountered more than max possible for that IE
while parsing a frame.

Change-Id: I1054c7df18780469849be55fc4343f09ac502a49
CRs-Fixed: 2058261
Naveen Rawat 7 anni fa
parent
8565edc294
commit
9ff3e249af
2 ha cambiato i file con 16 aggiunte e 15 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 2 2
      core/mac/src/include/dot11f.h
  2. 14 13
      core/mac/src/sys/legacy/src/utils/src/dot11f.c

+ 2 - 2
core/mac/src/include/dot11f.h
Vedi File 

@@ -35,7 +35,7 @@
 
  *
 
  *
 
  * This file was automatically generated by 'framesc'
 
- * Tue May 30 15:11:12 2017 from the following file(s):
 
+ * Fri Jun  9 14:23:47 2017 from the following file(s):
 
  *
 
  * dot11f.frms
 
  *
 
@@ -88,8 +88,8 @@ typedef uint32_t tDOT11F_U64[2];
 
 #define DOT11F_BUFFER_OVERFLOW       (0x10000005)
 
 #define DOT11F_MANDATORY_TLV_MISSING (0x00001000)
 
 #define DOT11F_FAILED(code)          ((code) & 0x10000000)
 
-#define DOT11F_WARNED(code)          (((0 == (code)) & 0x10000000) && code)
 
 #define DOT11F_SUCCEEDED(code)       ((code) == 0)
 
+#define DOT11F_WARNED(code)          (!DOT11F_SUCCEEDED(code) && !DOT11F_FAILED(code))
 
 
 /*********************************************************************
 
  * Fixed Fields                                                      *

+ 14 - 13
core/mac/src/sys/legacy/src/utils/src/dot11f.c
Vedi File 

@@ -33,7 +33,7 @@
 
  *
 
  *
 
  * This file was automatically generated by 'framesc'
 
- * Tue May 30 15:11:12 2017 from the following file(s):
 
+ * Fri Jun  9 14:23:47 2017 from the following file(s):
 
  *
 
  * dot11f.frms
 
  *
 
@@ -10316,6 +10316,10 @@ static uint32_t unpack_core(tpAniSirGlobal pCtx,
 
 
 				countOffset = ((0 != pIe->arraybound) *
 
 						(*(uint16_t *)(pFrm + pIe->countOffset)));
 
+				if (0 != pIe->arraybound && countOffset >= pIe->arraybound) {
 
+					status |= DOT11F_DUPLICATE_IE;
 
+					goto skip_dup_ie;
 
+				}
 
 				switch (pIe->sig) {
 
 				case SigIeGTK:
 
 					status |=
 
@@ -10978,18 +10982,14 @@ static uint32_t unpack_core(tpAniSirGlobal pCtx,
 
 						    append_ie);
 
 					break;
 
 				case SigIeNeighborReport:
 
-					if (countOffset < MAX_SUPPORTED_NEIGHBOR_RPT) {
 
-						status |=
 
-							dot11f_unpack_ie_neighbor_report(
 
-							    pCtx, pBufRemaining, len,
 
-							    (tDot11fIENeighborReport *)
 
-							    (pFrm + pIe->offset +
 
-							    sizeof(tDot11fIENeighborReport) *
 
-							    countOffset),
 
-							    append_ie);
 
-					} else {
 
-						status |= DOT11F_BUFFER_OVERFLOW;
 
-					}
 
+					status |=
 
+						dot11f_unpack_ie_neighbor_report(
 
+						    pCtx, pBufRemaining, len,
 
+						    (tDot11fIENeighborReport *)
 
+						    (pFrm + pIe->offset +
 
+						    sizeof(tDot11fIENeighborReport) *
 
+						    countOffset),
 
+						    append_ie);
 
 					break;
 
 				case SigIeOBSSScanParameters:
 
 					status |=
 
@@ -11780,6 +11780,7 @@ static uint32_t unpack_core(tpAniSirGlobal pCtx,
 
 			status |= DOT11F_UNKNOWN_IES;
 
 		}
 
 
+skip_dup_ie:
 
 		pBufRemaining += len;
 
 
 		if (len > nBufRemaining) {