|
|
@@ -5927,7 +5927,7 @@ QDF_STATUS lim_strip_ie(struct mac_context *mac_ctx,
|
|
|
int left = *addn_ielen;
|
|
|
uint8_t *ptr = addn_ie;
|
|
|
uint8_t elem_id;
|
|
|
- uint16_t elem_len;
|
|
|
+ uint16_t elem_len, ie_len, extracted_ie_len = 0;
|
|
|
|
|
|
if (!addn_ie) {
|
|
|
pe_debug("NULL addn_ie pointer");
|
|
|
@@ -5938,6 +5938,9 @@ QDF_STATUS lim_strip_ie(struct mac_context *mac_ctx,
|
|
|
if (!tempbuf)
|
|
|
return QDF_STATUS_E_NOMEM;
|
|
|
|
|
|
+ if (extracted_ie)
|
|
|
+ qdf_mem_zero(extracted_ie, eid_max_len + size_of_len_field + 1);
|
|
|
+
|
|
|
while (left >= 2) {
|
|
|
elem_id = ptr[0];
|
|
|
left -= 1;
|
|
|
@@ -5968,11 +5971,13 @@ QDF_STATUS lim_strip_ie(struct mac_context *mac_ctx,
|
|
|
* take oui IE and store in provided buffer.
|
|
|
*/
|
|
|
if (extracted_ie) {
|
|
|
- qdf_mem_zero(extracted_ie,
|
|
|
- eid_max_len + size_of_len_field + 1);
|
|
|
- if (elem_len <= eid_max_len)
|
|
|
- qdf_mem_copy(extracted_ie, &ptr[0],
|
|
|
- elem_len + size_of_len_field + 1);
|
|
|
+ ie_len = elem_len + size_of_len_field + 1;
|
|
|
+ if (ie_len <= eid_max_len - extracted_ie_len) {
|
|
|
+ qdf_mem_copy(
|
|
|
+ extracted_ie + extracted_ie_len,
|
|
|
+ &ptr[0], ie_len);
|
|
|
+ extracted_ie_len += ie_len;
|
|
|
+ }
|
|
|
}
|
|
|
}
|
|
|
left -= elem_len;
|
Srinivas Dasari