samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Fix static analysis error in limProcessTdls.c

Browse Source 
qcacld-2.0 to qcacld-3.0 propagation

Currently while populating 11a and 11b rates, there is
no bound check for rateset array. This can result in buffer
overflow. As a part of fix add bound check to avoid any
buffer overflow for the rateset.

CRs-fixed: 798054
Change-Id: Ib42f5de642ad54d5c2a1ccdab37d88928b98af01
This commit is contained in:
Sushant Kaushik
2015-07-22 12:22:20 +05:30
committed by Akash Patel
parent edcbc30ce9
commit b50010fbd7
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/mac/src/pe/lim/lim_process_tdls.c
View File

@@ -2159,15 +2159,13 @@ lim_tdls_populate_matching_rate_set(tpAniSirGlobal mac_ctx, tpDphHashNode stads,
(temp_rate_set.rate[j] & 0x7F))
continue;
#ifdef FEATURE_WLAN_NON_INTEGRATED_SOC
if ((b_rateindex > HAL_NUM_11B_RATES) ||
(a_rateindex > HAL_NUM_11A_RATES)) {
if ((b_rateindex > SIR_NUM_11B_RATES) ||
(a_rateindex > SIR_NUM_11A_RATES)) {
lim_log(mac_ctx, LOGE,
FL("Invalid number of rates (11b->%d, 11a->%d)"),
b_rateindex, a_rateindex);
return eSIR_FAILURE;
}
#endif
if (sirIsArate(temp_rate_set2.rate[i] & 0x7f)) {
is_a_rate = 1;
if (a_rateindex < SIR_NUM_11A_RATES)