|
|
@@ -4296,6 +4296,11 @@ int wma_extscan_hotlist_match_event_handler(void *handle,
|
|
|
dest_ap->ieLength = src_hotlist->ie_length;
|
|
|
WMI_MAC_ADDR_TO_CHAR_ARRAY(&src_hotlist->bssid,
|
|
|
dest_ap->bssid.bytes);
|
|
|
+ if (src_hotlist->ssid.ssid_len > SIR_MAC_MAX_SSID_LENGTH) {
|
|
|
+ WMA_LOGE("%s Invalid SSID len %d, truncating",
|
|
|
+ __func__, src_hotlist->ssid.ssid_len);
|
|
|
+ src_hotlist->ssid.ssid_len = SIR_MAC_MAX_SSID_LENGTH;
|
|
|
+ }
|
|
|
qdf_mem_copy(dest_ap->ssid, src_hotlist->ssid.ssid,
|
|
|
src_hotlist->ssid.ssid_len);
|
|
|
dest_ap->ssid[src_hotlist->ssid.ssid_len] = '\0';
|
|
|
@@ -4470,6 +4475,13 @@ static int wma_group_num_bss_to_scan_id(const u_int8_t *cmd_param_info,
|
|
|
WMI_MAC_ADDR_TO_CHAR_ARRAY(&src_hotlist->bssid,
|
|
|
ap->bssid.bytes);
|
|
|
|
|
|
+ if (src_hotlist->ssid.ssid_len >
|
|
|
+ SIR_MAC_MAX_SSID_LENGTH) {
|
|
|
+ WMA_LOGD("%s Invalid SSID len %d, truncating",
|
|
|
+ __func__, src_hotlist->ssid.ssid_len);
|
|
|
+ src_hotlist->ssid.ssid_len =
|
|
|
+ SIR_MAC_MAX_SSID_LENGTH;
|
|
|
+ }
|
|
|
qdf_mem_copy(ap->ssid, src_hotlist->ssid.ssid,
|
|
|
src_hotlist->ssid.ssid_len);
|
|
|
ap->ssid[src_hotlist->ssid.ssid_len] = '\0';
|
|
|
@@ -4796,10 +4808,15 @@ int wma_passpoint_match_event_handler(void *handle,
|
|
|
WMI_SVC_MSG_MAX_SIZE) {
|
|
|
WMA_LOGE("IE Length: %d or ANQP Length: %d is huge",
|
|
|
event->ie_length, event->anqp_length);
|
|
|
- QDF_ASSERT(0);
|
|
|
return -EINVAL;
|
|
|
}
|
|
|
|
|
|
+ if (event->ssid.ssid_len > SIR_MAC_MAX_SSID_LENGTH) {
|
|
|
+ WMA_LOGD("%s: Invalid ssid len %d, truncating",
|
|
|
+ __func__, event->ssid.ssid_len);
|
|
|
+ event->ssid.ssid_len = SIR_MAC_MAX_SSID_LENGTH;
|
|
|
+ }
|
|
|
+
|
|
|
dest_match = qdf_mem_malloc(sizeof(*dest_match) +
|
|
|
event->ie_length + event->anqp_length);
|
|
|
if (!dest_match) {
|
Vignesh Viswanathan