
qcacld-3.0: Add check for set_ft_ies buffer length

Add check for buffer length in function sme_set_ft_ies.

Change-Id: I7adc56e23316c0ceb193a5bdf8c4c0b5f4fbd20a
CRs-Fixed: 2055659
Naveen Rawat 8 anos atrás
pai
commit
c921c7b2cc
2 arquivos alterados com 7 adições e 2 exclusões
  1. 5 0
      core/hdd/src/wlan_hdd_wext.c
  2. 2 2
      core/sme/src/common/sme_ft_api.c

+ 5 - 0
core/hdd/src/wlan_hdd_wext.c

@@ -14000,6 +14000,11 @@ static const struct iw_priv_args we_private_args[] = {
 	 0,
 	 "enable_range_ext"}
 	,
+
+	{WLAN_PRIV_SET_FTIES,
+	 IW_PRIV_TYPE_CHAR | MAX_FTIE_SIZE,
+	 0,
+	 "set_ft_ies"},
 };
 
 const struct iw_handler_def we_handler_def = {
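Review bot: Nothing in the new `set_ft_ies` entry shows that `MAX_FTIE_SIZE` fits in the count bits of the args descriptor, so OR-ing it into `IW_PRIV_TYPE_CHAR` is only a valid length limit if the constant is no larger than `IW_PRIV_SIZE_MASK`. `MAX_FTIE_SIZE` is defined outside this hunk, so its value cannot be confirmed here; a `BUILD_BUG_ON(MAX_FTIE_SIZE > IW_PRIV_SIZE_MASK);` in the init path would pin the assumption. The entry would also benefit from a comment such as `/* wext core bounds the set_ft_ies payload to MAX_FTIE_SIZE bytes */`, since that bound is the reason the entry was added. The `we_private_args` array starts before this hunk, and the handler registered for `WLAN_PRIV_SET_FTIES` is not visible, so whether the handler re-checks the length itself should be confirmed.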

+ 2 - 2
core/sme/src/common/sme_ft_api.c

@@ -151,6 +151,7 @@ void sme_set_ft_ies(tHalHandle hal_ptr, uint32_t session_id,
 	switch (session->ftSmeContext.FTState) {
 	case eFT_START_READY:
 	case eFT_AUTH_REQ_READY:
+		sme_debug("ft_ies_length: %d", ft_ies_length);
 		if ((session->ftSmeContext.auth_ft_ies) &&
 			(session->ftSmeContext.auth_ft_ies_length)) {
 			/* Free the one we recvd last from supplicant */
@@ -158,6 +159,7 @@ void sme_set_ft_ies(tHalHandle hal_ptr, uint32_t session_id,
 			session->ftSmeContext.auth_ft_ies_length = 0;
 			session->ftSmeContext.auth_ft_ies = NULL;
 		}
+		ft_ies_length = QDF_MIN(ft_ies_length, MAX_FTIE_SIZE);
 		/* Save the FT IEs */
 		session->ftSmeContext.auth_ft_ies =
 					qdf_mem_malloc(ft_ies_length);
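Review bot: The added `QDF_MIN(ft_ies_length, MAX_FTIE_SIZE)` clamp silently truncates an oversize buffer, so a blob cut in the middle of an information element would be stored in `auth_ft_ies` as if it were valid. Rejecting is safer than truncating, e.g. `if (ft_ies_length > MAX_FTIE_SIZE) { sme_err("ft_ies_length %d exceeds MAX_FTIE_SIZE", ft_ies_length); break; }`. The clamp also sits only in the `eFT_START_READY`/`eFT_AUTH_REQ_READY` arm; the `eFT_AUTH_COMPLETE` arm begins on the last line of the final hunk and its body is not shown, so if it copies `ft_ies` the same way it presumably stays unbounded, and one check ahead of the `switch` would cover every state. A zero `ft_ies_length` still reaches `qdf_mem_malloc` in the visible lines. `sme_set_ft_ies` starts and ends outside these hunks, so any lock or common exit path an early rejection must respect is not visible here.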
@@ -170,8 +172,6 @@ void sme_set_ft_ies(tHalHandle hal_ptr, uint32_t session_id,
 		qdf_mem_copy((uint8_t *)session->ftSmeContext.auth_ft_ies,
 				ft_ies, ft_ies_length);
 		session->ftSmeContext.FTState = eFT_AUTH_REQ_READY;
-
-		sme_debug("ft_ies_length: %d", ft_ies_length);
 		break;
 
 	case eFT_AUTH_COMPLETE: