|
@@ -590,12 +590,18 @@ util_scan_parse_chan_switch_wrapper_ie(struct scan_cache_entry *scan_params,
|
|
|
}
|
|
}
|
|
|
switch (sub_ie->ie_id) {
|
|
switch (sub_ie->ie_id) {
|
|
|
case WLAN_ELEMID_COUNTRY:
|
|
case WLAN_ELEMID_COUNTRY:
|
|
|
|
|
+ if (sub_ie->ie_len < WLAN_COUNTRY_IE_MIN_LEN)
|
|
|
|
|
+ return QDF_STATUS_E_INVAL;
|
|
|
scan_params->ie_list.country = (uint8_t *)sub_ie;
|
|
scan_params->ie_list.country = (uint8_t *)sub_ie;
|
|
|
break;
|
|
break;
|
|
|
case WLAN_ELEMID_WIDE_BAND_CHAN_SWITCH:
|
|
case WLAN_ELEMID_WIDE_BAND_CHAN_SWITCH:
|
|
|
|
|
+ if (sub_ie->ie_len != WLAN_WIDE_BW_CHAN_SWITCH_IE_LEN)
|
|
|
|
|
+ return QDF_STATUS_E_INVAL;
|
|
|
scan_params->ie_list.widebw = (uint8_t *)sub_ie;
|
|
scan_params->ie_list.widebw = (uint8_t *)sub_ie;
|
|
|
break;
|
|
break;
|
|
|
case WLAN_ELEMID_VHT_TX_PWR_ENVLP:
|
|
case WLAN_ELEMID_VHT_TX_PWR_ENVLP:
|
|
|
|
|
+ if (sub_ie->ie_len > WLAN_TPE_IE_MAX_LEN)
|
|
|
|
|
+ return QDF_STATUS_E_INVAL;
|
|
|
scan_params->ie_list.txpwrenvlp = (uint8_t *)sub_ie;
|
|
scan_params->ie_list.txpwrenvlp = (uint8_t *)sub_ie;
|
|
|
break;
|
|
break;
|
|
|
}
|
|
}
|
|
@@ -762,6 +768,8 @@ util_scan_parse_extn_ie(struct scan_cache_entry *scan_params,
|
|
|
|
|
|
|
|
switch (extn_ie->ie_extn_id) {
|
|
switch (extn_ie->ie_extn_id) {
|
|
|
case WLAN_EXTN_ELEMID_MAX_CHAN_SWITCH_TIME:
|
|
case WLAN_EXTN_ELEMID_MAX_CHAN_SWITCH_TIME:
|
|
|
|
|
+ if (extn_ie->ie_len != WLAN_MAX_CHAN_SWITCH_TIME_IE_LEN)
|
|
|
|
|
+ return QDF_STATUS_E_INVAL;
|
|
|
scan_params->ie_list.mcst = (uint8_t *)ie;
|
|
scan_params->ie_list.mcst = (uint8_t *)ie;
|
|
|
break;
|
|
break;
|
|
|
case WLAN_EXTN_ELEMID_SRP:
|
|
case WLAN_EXTN_ELEMID_SRP:
|
Shashikala Prabhu