summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVarun Reddy Yeturu <varunreddy.yeturu@codeaurora.org>2017-08-02 16:47:51 -0700
committersnandini <snandini@codeaurora.org>2017-08-09 19:48:47 -0700
commitaf8a9e6878443bf6ff8d63deaaa55e4a22b914ff (patch)
treef6f0053dbaae691e413eaad97fcdcacc787e2c28
parentc5df801424f3373bfbf9fb62144425e24d8c3285 (diff)
qcacld-3.0: Fix wpa index overflow issue
Check if wpa index for the OUI retrieval is going beyond the limit of the array and return Change-Id: I040246d7a7c2ca387282dc4d86ffdbdf34007323 CRs-Fixed: 2085702
-rw-r--r--core/sme/src/csr/csr_util.c29
1 files changed, 24 insertions, 5 deletions
diff --git a/core/sme/src/csr/csr_util.c b/core/sme/src/csr/csr_util.c
index c0bf9be311d5..9773d11f9e74 100644
--- a/core/sme/src/csr/csr_util.c
+++ b/core/sme/src/csr/csr_util.c
@@ -3792,6 +3792,7 @@ static bool csr_get_wpa_cyphers(tpAniSirGlobal mac_ctx, tCsrAuthList *auth_type,
uint8_t authentication[CSR_WPA_OUI_SIZE];
uint8_t mccipher_arr[1][CSR_WPA_OUI_SIZE];
uint8_t i;
+ uint8_t index;
eCsrAuthType neg_authtype = eCSR_AUTH_TYPE_UNKNOWN;
if (!wpa_ie->present)
@@ -3801,20 +3802,38 @@ static bool csr_get_wpa_cyphers(tpAniSirGlobal mac_ctx, tCsrAuthList *auth_type,
c_ucast_cipher = (uint8_t) (wpa_ie->unicast_cipher_count);
c_auth_suites = (uint8_t) (wpa_ie->auth_suite_count);
+ /*
+ * csr_match_wpaoui_index will provide the index of the
+ * array csr_wpa_oui to be read and determine if it is
+ * accepatable cipher or not. Below check ensures that
+ * the index will not be out of range of the array size.
+ */
+ index = csr_get_oui_index_from_cipher(encr_type);
+ if (!(index < (sizeof(csr_wpa_oui)/CSR_WPA_OUI_SIZE))) {
+ sme_debug("Unacceptable index: %d", index);
+ goto end;
+ }
+
+ sme_debug("kw_dbg: index: %d", index);
/* Check - Is requested unicast Cipher supported by the BSS. */
acceptable_cipher = csr_match_wpaoui_index(mac_ctx,
wpa_ie->unicast_ciphers, c_ucast_cipher,
- csr_get_oui_index_from_cipher(encr_type),
- unicast);
+ index, unicast);
if (!acceptable_cipher)
goto end;
/* unicast is supported. Pick the first matching Group cipher, if any */
for (i = 0; i < mc_encryption->numEntries; i++) {
+ index = csr_get_oui_index_from_cipher(
+ mc_encryption->encryptionType[i]);
+ sme_debug("kw_dbg: index: %d", index);
+ if (!(index < (sizeof(csr_wpa_oui)/CSR_WPA_OUI_SIZE))) {
+ sme_debug("Unacceptable MC index: %d", index);
+ acceptable_cipher = false;
+ continue;
+ }
acceptable_cipher = csr_match_wpaoui_index(mac_ctx,
mccipher_arr, c_mcast_cipher,
- csr_get_oui_index_from_cipher(
- mc_encryption->encryptionType[i]),
- multicast);
+ index, multicast);
if (acceptable_cipher)
break;
}