samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
db3c6f57e335b31e036d7ece5a5b9e7c0698d4a1
android_kernel_samsung_sm86…/core
History
Abhinav Kumar db3c6f57e3 qcacld-3.0: Fix out-of-bounds access in lim_process_assoc_req_frame 
Currently the function lim_process_assoc_req_frame uses frame_len
without validation to parse the IE buffer which could lead to
out-of-bounds memory access if the frame_len is less than or
equal to LIM_ASSOC_REQ_IE_OFFSET(4).

Add check to validate the frame_len with LIM_ASSOC_REQ_IE_OFFSET
before sending (frame_len - LIM_ASSOC_REQ_IE_OFFSET) to
cfg_get_vendor_ie_ptr_from_oui to parse only the IE buffer.

Change-Id: Iaa9e8db4a2605169c9ad3904878a2e626eb6de8b
CRs-Fixed: 2259707
2018-06-25 14:12:45 -07:00
..
bmi
qcacld-3.0: Abstract SDIO block size
2018-06-25 04:55:52 -07:00
cds
qcacld-3.0: cds: Replace tSirRetStatus with QDF_STATUS
2018-06-24 11:58:47 -07:00
dp
qcacld-3.0: Fix compilation error
2018-06-21 22:42:15 -07:00
hdd
qcacld-3.0: Configure num_vdevs for FTM mode
2018-06-25 10:02:16 -07:00
mac
qcacld-3.0: Fix out-of-bounds access in lim_process_assoc_req_frame
2018-06-25 14:12:45 -07:00
pld
qcacld-3.0: Check if sdio device is valid before start wifi
2018-06-07 21:08:36 -07:00
sap
qcacld-3.0: sap: Replace tSirRetStatus with QDF_STATUS
2018-06-22 14:07:58 -07:00
sme
qcacld-3.0: Fix csr_is_pmf_capabilities_in_rsn_match() param
2018-06-25 12:41:07 -07:00
wma
qcacld-3.0: Report valid MCS index to upper layer
2018-06-22 21:07:13 -07:00