samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Código Issues Pull requests Ações Pacotes Projetos Versões Wiki Atividade

qcacmn: Fix possible OOB in send_roam_scan_offload_mode_cmd_tlv

Ver código fonte 
In send_roam_scan_offload_mode_cmd_tlv, psk_msk from incoming
roam request buffer is copied to destination roam_offload_11i->pmk.
The psk_msk is of size 48 bytes, while destination pmk is of 32
bytes. This could result in OOB.

Copy only 32 bytes for 11i pmk as 802.1x doesn't have PMK size
greater than 32. In future, if Suite-B roaming support is
required, interface changes are need to add new parameter to
copy the remaining 16 bytes.

Change-Id: I303fc15fc0f0169a049d0542674bd7add3cbb1a1
CRs-Fixed: 2470353
Esse commit está contido em:
Pragaspathi Thilagaraj
2019-06-18 17:15:46 +05:30
commit de nshrivas
pai dc8e095f30
commit e42985f86e
1 arquivos alterados com 1 adições e 1 exclusões
Baixar arquivo de patch Baixar arquivo de diferenças Expandir todos os arquivos Colapsar todos os arquivos

2
wmi/src/wmi_unified_roam_tlv.c
Ver arquivo

@@ -1345,7 +1345,7 @@ send_roam_scan_offload_mode_cmd_tlv(wmi_unified_t wmi_handle,
qdf_mem_copy(roam_offload_11i->pmk,
roam_req->psk_pmk,
sizeof(roam_req->psk_pmk));
sizeof(roam_offload_11i->pmk));
roam_offload_11i->pmk_len = roam_req->pmk_len;
WMITLV_SET_HDR(&roam_offload_11i->tlv_header,
WMITLV_TAG_STRUC_wmi_roam_11i_offload_tlv_param,