diff options
| author | Varun Reddy Yeturu <varunreddy.yeturu@codeaurora.org> | 2017-08-02 16:47:51 -0700 |
|---|---|---|
| committer | snandini <snandini@codeaurora.org> | 2017-08-09 19:48:47 -0700 |
| commit | af8a9e6878443bf6ff8d63deaaa55e4a22b914ff (patch) | |
| tree | f6f0053dbaae691e413eaad97fcdcacc787e2c28 | |
| parent | c5df801424f3373bfbf9fb62144425e24d8c3285 (diff) | |
qcacld-3.0: Fix wpa index overflow issue
Check if wpa index for the OUI retrieval is
going beyond the limit of the array and return
Change-Id: I040246d7a7c2ca387282dc4d86ffdbdf34007323
CRs-Fixed: 2085702
| -rw-r--r-- | core/sme/src/csr/csr_util.c | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/core/sme/src/csr/csr_util.c b/core/sme/src/csr/csr_util.c index c0bf9be311d5..9773d11f9e74 100644 --- a/core/sme/src/csr/csr_util.c +++ b/core/sme/src/csr/csr_util.c @@ -3792,6 +3792,7 @@ static bool csr_get_wpa_cyphers(tpAniSirGlobal mac_ctx, tCsrAuthList *auth_type, uint8_t authentication[CSR_WPA_OUI_SIZE]; uint8_t mccipher_arr[1][CSR_WPA_OUI_SIZE]; uint8_t i; + uint8_t index; eCsrAuthType neg_authtype = eCSR_AUTH_TYPE_UNKNOWN; if (!wpa_ie->present) @@ -3801,20 +3802,38 @@ static bool csr_get_wpa_cyphers(tpAniSirGlobal mac_ctx, tCsrAuthList *auth_type, c_ucast_cipher = (uint8_t) (wpa_ie->unicast_cipher_count); c_auth_suites = (uint8_t) (wpa_ie->auth_suite_count); + /* + * csr_match_wpaoui_index will provide the index of the + * array csr_wpa_oui to be read and determine if it is + * accepatable cipher or not. Below check ensures that + * the index will not be out of range of the array size. + */ + index = csr_get_oui_index_from_cipher(encr_type); + if (!(index < (sizeof(csr_wpa_oui)/CSR_WPA_OUI_SIZE))) { + sme_debug("Unacceptable index: %d", index); + goto end; + } + + sme_debug("kw_dbg: index: %d", index); /* Check - Is requested unicast Cipher supported by the BSS. */ acceptable_cipher = csr_match_wpaoui_index(mac_ctx, wpa_ie->unicast_ciphers, c_ucast_cipher, - csr_get_oui_index_from_cipher(encr_type), - unicast); + index, unicast); if (!acceptable_cipher) goto end; /* unicast is supported. Pick the first matching Group cipher, if any */ for (i = 0; i < mc_encryption->numEntries; i++) { + index = csr_get_oui_index_from_cipher( + mc_encryption->encryptionType[i]); + sme_debug("kw_dbg: index: %d", index); + if (!(index < (sizeof(csr_wpa_oui)/CSR_WPA_OUI_SIZE))) { + sme_debug("Unacceptable MC index: %d", index); + acceptable_cipher = false; + continue; + } acceptable_cipher = csr_match_wpaoui_index(mac_ctx, mccipher_arr, c_mcast_cipher, - csr_get_oui_index_from_cipher( - mc_encryption->encryptionType[i]), - multicast); + index, multicast); if (acceptable_cipher) break; } |
