Merge "qcacld-2.0: Drop assoc request if RSNIE/WPAIE parsing fail" into wlan-cld2.driver.lnx.1.0-dev

author: CNSS_WLAN Service <cnssbldsw@qualcomm.com> 2017-06-06 03:37:19 -0700
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2017-06-06 03:37:19 -0700
commit: 21850677ce010c763ff05c7817dc16faafb7a124 (patch)
tree: ff896540d48a888c5c805537516a224a2d3fd1b8
parent: 8368e2398c84216dcc2c89695c59899c1b58e4a8 (diff)
parent: aae237dfbaf8edcf310eeb84b887b20e7e9c0ff3 (diff)
1 files changed, 19 insertions, 4 deletions
diff --git a/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c b/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c
index 7aa5464cf255..23d2cf3e0be3 100644
--- a/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c
+++ b/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c
@@ -752,10 +752,18 @@ limProcessAssocReqFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo,
                 if(pAssocReq->rsn.length)
                 {
                     // Unpack the RSN IE
-                    dot11fUnpackIeRSN(pMac,
+                    if (dot11fUnpackIeRSN(pMac,
                                         &pAssocReq->rsn.info[0],
                                         pAssocReq->rsn.length,
-                                        &Dot11fIERSN);
+                                        &Dot11fIERSN) != DOT11F_PARSE_SUCCESS)
+                    {
+                        limLog(pMac, LOG1,
+                            FL("Invalid RSNIE received"));
+                        limSendAssocRspMgmtFrame(pMac,
+                            eSIR_MAC_INVALID_RSN_IE_CAPABILITIES_STATUS,
+                            1, pHdr->sa, subType, 0,psessionEntry);
+                        goto error;
+                    }
 
                     /* Check RSN version is supported or not */
                     if(SIR_MAC_OUI_VERSION_1 == Dot11fIERSN.version)
@@ -821,10 +829,17 @@ limProcessAssocReqFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo,
                 // Unpack the WPA IE
                 if(pAssocReq->wpa.length)
                 {
-                    dot11fUnpackIeWPA(pMac,
+                    if (dot11fUnpackIeWPA(pMac,
                                         &pAssocReq->wpa.info[4], //OUI is not taken care
                                         pAssocReq->wpa.length,
-                                        &Dot11fIEWPA);
+                                        &Dot11fIEWPA) != DOT11F_PARSE_SUCCESS)
+                    {
+                        limLog(pMac, LOGE, FL("Invalid WPA IE"));
+                        limSendAssocRspMgmtFrame(pMac,
+                                eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS,
+                                1, pHdr->sa, subType, 0,psessionEntry);
+                        goto error;
+                    }
                     /* check the groupwise and pairwise cipher suites */
                     if(eSIR_SUCCESS != (status = limCheckRxWPAIeMatch(pMac, Dot11fIEWPA, psessionEntry, pAssocReq->HTCaps.present)))
                     {
author	CNSS_WLAN Service <cnssbldsw@qualcomm.com>	2017-06-06 03:37:19 -0700
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2017-06-06 03:37:19 -0700
commit	21850677ce010c763ff05c7817dc16faafb7a124 (patch)
tree	ff896540d48a888c5c805537516a224a2d3fd1b8
parent	8368e2398c84216dcc2c89695c59899c1b58e4a8 (diff)
parent	aae237dfbaf8edcf310eeb84b887b20e7e9c0ff3 (diff)