Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge "qcacmn: Fix Access Array out of bound"

Linux Build Service Account 7 years ago
parent
bb4f65bfb6 00392f394c
commit
c03bbf527d
1 changed files with 10 additions and 0 deletions
Split View Show Diff Stats
  1. 10 0
      umac/cmn_services/crypto/src/wlan_crypto_global_api.c

+ 10 - 0
umac/cmn_services/crypto/src/wlan_crypto_global_api.c
View File 

@@ -550,6 +550,11 @@ QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev,
 
 			uint16_t kid = req_key->keyix;
 
 			if (kid == WLAN_CRYPTO_KEYIX_NONE)
 
 				kid = 0;
 
+			if (kid >= WLAN_CRYPTO_MAXKEYIDX) {
 
+				qdf_print("%s[%d] invalid keyid %d \n",
 
+						  __func__, __LINE__, kid);
 
+				return QDF_STATUS_E_INVAL;
 
+			}
 
 			if (!crypto_priv->key[kid]) {
 
 				crypto_priv->key[kid]
 
 					= qdf_mem_malloc(
 
@@ -856,6 +861,11 @@ QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev,
 
 
 	if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) {
 
 		uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX;
 
+		if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) {
 
+			qdf_print("%s[%d] Igtk key invalid keyid %d\n",
 
+			__func__, __LINE__, igtk_idx);
 
+			return QDF_STATUS_E_INVAL;
 
+		}
 
 		key = crypto_priv->igtk_key[igtk_idx];
 
 		crypto_priv->igtk_key[igtk_idx] = NULL;
 
 		if (key)