diff options
| author | Padma, Santhosh Kumar <skpadma@codeaurora.org> | 2017-11-07 18:40:17 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2017-11-10 09:57:18 -0800 |
| commit | 8afcee9fc441da71dbad40cc63cf9a5f7fd849cb (patch) | |
| tree | 93b9e1ebdc515b4eb97aef5a6e48b9e620827ef8 | |
| parent | 36e2a61672f2c46a5c3e46000b064bbe442af3e1 (diff) | |
qcacld-3.0: Avoid buffer overflow
Add max check for probe request length against max length of probe
request buffer to avoid buffer overflow.
Change-Id: Ie0fad7443b2c749c66bb9ad662625a16d3a840c3
CRs-Fixed: 2138555
| -rw-r--r-- | core/mac/src/pe/lim/lim_process_probe_req_frame.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/core/mac/src/pe/lim/lim_process_probe_req_frame.c b/core/mac/src/pe/lim/lim_process_probe_req_frame.c index e42c454358d7..60add74521c4 100644 --- a/core/mac/src/pe/lim/lim_process_probe_req_frame.c +++ b/core/mac/src/pe/lim/lim_process_probe_req_frame.c @@ -668,6 +668,13 @@ lim_send_sme_probe_req_ind(tpAniSirGlobal pMac, MTRACE(mac_trace(pMac, TRACE_CODE_TX_SME_MSG, psessionEntry->peSessionId, msgQ.type)); + + if (ProbeReqIELen > sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq. + probeReqIE)) { + ProbeReqIELen = sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq. + probeReqIE); + } + pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIELen = (uint16_t) ProbeReqIELen; qdf_mem_copy(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE, pProbeReqIE, |
