
qcacld-3.0: Validate wpa ie length before extracting ie

During initializing ibss security settings there is a possibility
of integer underflow while extracting wpa ie because of ie length
check miss.

Add wpa ie length boundary check before extracting wpa ie.

Change-Id: I37d8ee5ea1e1ba12277128a1407783f5647251b6
CRs-Fixed: 2151241
Hanumanth Reddy Pothula 7 years ago
parent
commit
f6e3db3394
1 changed file with 5 additions and 0 deletions

+ 5 - 0
core/hdd/src/wlan_hdd_cfg80211.c

@@ -18977,6 +18977,11 @@ static int wlan_hdd_cfg80211_set_privacy_ibss(struct hdd_adapter *adapter,
 				 * Skip past the EID byte and length byte
 				 * and four byte WiFi OUI
 				 */
+				if (ie[1] < DOT11F_IE_WPA_MIN_LEN ||
+				    ie[1] > DOT11F_IE_WPA_MAX_LEN) {
+					hdd_err("invalid ie len:%d", ie[1]);
+					return -EINVAL;
+				}
 				dot11f_unpack_ie_wpa((tpAniSirGlobal) halHandle,
 						     (uint8_t *)&ie[2 + 4],
 						     ie[1] - 4, &dot11WPAIE,
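Review bot: The added check `if (ie[1] < DOT11F_IE_WPA_MIN_LEN ||` only prevents the underflow in `ie[1] - 4` if DOT11F_IE_WPA_MIN_LEN is at least 4, the size of the OUI that `&ie[2 + 4]` skips, and that relationship is not visible in this hunk. Please state it in a comment next to the check or enforce it with a compile-time assertion, so a later change to the constant cannot silently reintroduce the underflow. The check also bounds `ie[1]` against the WPA IE limits only; the visible lines do not show that `ie[1]` is also validated against the bytes remaining in the buffer `ie` points into, which is worth confirming before the unpack call. Minor style point: the check now sits between the "Skip past the EID byte and length byte" comment and the `dot11f_unpack_ie_wpa()` call that the comment describes, so consider moving the check above that comment.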