samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d47fccbfde811b6e2b9e552f7b3e2da255f3a87c
android_kernel_samsung_sm86…/umac/mlo_mgr
History
Shashikala Prabhu 20e6be3aa4 qcacmn: Fix out-of-bound read in T2LM IE parse API 
In wlan_mlo_parse_t2lm_ie(), the code is present to check if the frame
length is less than the parsed IE length plus size of ie_header structure
(2 bytes). If the above condition is false then the subsequent code will
access the data of parsed IE length plus size of extn_ie_header structure
(3 bytes).

To fix the out-of-bound read, check if the frame length is less than
parsed IE length plus size of extn_ie_header structure.
Also, added the code to return success if frame length is same as parsed
IE length.

Change-Id: I07c32379ecd18d253a82876127c33b4d95196dd2
CRs-Fixed: 3704796
2024-03-24 23:18:34 -07:00
..
inc
qcacmn: Fix out-of-bound in wlan_mlo_parse_bcn_prbresp_t2lm_ie
2024-02-22 22:28:30 -08:00
src
qcacmn: Fix out-of-bound read in T2LM IE parse API
2024-03-24 23:18:34 -07:00