qcacld-3.0: Check ie_len against 255 in function get_container_ies_len

In function get_container_ies_len, output parameter pnConsumed is
uint8_t and poses a risk of integer overflow. Check value against 255
before assigning to output parameter.

Change-Id: I6e02037952ced13de45a6c030cc5a1e85070f5cd
CRs-Fixed: 2125781

2 files changed, 4 insertions, 2 deletions

diff --git a/core/mac/src/include/dot11f.h b/core/mac/src/include/dot11f.h
index c09d6a8df85b..583b40f3137b 100644
--- a/core/mac/src/include/dot11f.h
+++ b/core/mac/src/include/dot11f.h
@@ -35,7 +35,7 @@
  *
  *
  * This file was automatically generated by 'framesc'
- * Thur Oct 12 10:18:09 2017 from the following file(s):
+ * Thur Oct 12 17:18:09 2017 from the following file(s):
  *
  * dot11f.frms
  *
diff --git a/core/mac/src/sys/legacy/src/utils/src/dot11f.c b/core/mac/src/sys/legacy/src/utils/src/dot11f.c
index 980b6f29b0b6..6f3188a45f9a 100644
--- a/core/mac/src/sys/legacy/src/utils/src/dot11f.c
+++ b/core/mac/src/sys/legacy/src/utils/src/dot11f.c
@@ -33,7 +33,7 @@
  *
  *
  * This file was automatically generated by 'framesc'
- * Thur Oct 12 10:18:09 2017 from the following file(s):
+ * Thur Oct 12 17:18:09 2017 from the following file(s):
  *
  * dot11f.frms
  *
@@ -349,6 +349,8 @@ static uint32_t get_container_ies_len(tpAniSirGlobal pCtx,
 		pBufRemaining += *(pBufRemaining + 1) + 2;
 	}
 
+	if (len > 0xFF)
+		return DOT11F_INTERNAL_ERROR;
 	*pnConsumed = len;
 	return DOT11F_PARSE_SUCCESS;