summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPadma, Santhosh Kumar <skpadma@codeaurora.org>2017-11-07 18:40:17 +0530
committerGerrit - the friendly Code Review server <code-review@localhost>2017-11-10 09:57:18 -0800
commit8afcee9fc441da71dbad40cc63cf9a5f7fd849cb (patch)
tree93b9e1ebdc515b4eb97aef5a6e48b9e620827ef8
parent36e2a61672f2c46a5c3e46000b064bbe442af3e1 (diff)
qcacld-3.0: Avoid buffer overflow
Add max check for probe request length against max length of probe request buffer to avoid buffer overflow. Change-Id: Ie0fad7443b2c749c66bb9ad662625a16d3a840c3 CRs-Fixed: 2138555
-rw-r--r--core/mac/src/pe/lim/lim_process_probe_req_frame.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/core/mac/src/pe/lim/lim_process_probe_req_frame.c b/core/mac/src/pe/lim/lim_process_probe_req_frame.c
index e42c454358d7..60add74521c4 100644
--- a/core/mac/src/pe/lim/lim_process_probe_req_frame.c
+++ b/core/mac/src/pe/lim/lim_process_probe_req_frame.c
@@ -668,6 +668,13 @@ lim_send_sme_probe_req_ind(tpAniSirGlobal pMac,
MTRACE(mac_trace(pMac, TRACE_CODE_TX_SME_MSG,
psessionEntry->peSessionId, msgQ.type));
+
+ if (ProbeReqIELen > sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq.
+ probeReqIE)) {
+ ProbeReqIELen = sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq.
+ probeReqIE);
+ }
+
pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIELen =
(uint16_t) ProbeReqIELen;
qdf_mem_copy(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE, pProbeReqIE,