diff options
| author | Naveen Rawat <naveenrawat@codeaurora.org> | 2017-12-12 17:49:48 -0800 |
|---|---|---|
| committer | snandini <snandini@codeaurora.org> | 2017-12-15 16:41:33 -0800 |
| commit | e5026dc32959c9c227de3497ffd527db11ef9e08 (patch) | |
| tree | 484fb2982a29ed7005119eae19bb9eabb78955c4 | |
| parent | 93bf1753594885c84dc34e70472d1eae1fcf589f (diff) | |
qcacld-3.0: Reject scan cmd if ie length greater than max allowed
Firmware cannot handle scan IE more than a certain size owing to memory
restrictions. Check the scan IE length before passing params to firmware.
Change-Id: I73321a9d4932f4cbb876de904dacecf15c9083ff
CRs-Fixed: 2159363
| -rw-r--r-- | core/wma/src/wma_scan_roam.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c index b0c24a40f8fc..53450b0f877d 100644 --- a/core/wma/src/wma_scan_roam.c +++ b/core/wma/src/wma_scan_roam.c @@ -195,6 +195,12 @@ QDF_STATUS wma_get_buf_start_scan_cmd(tp_wma_handle wma_handle, return QDF_STATUS_E_FAILURE; } + if (scan_req->uIEFieldLen > WLAN_SCAN_PARAMS_MAX_IE_LEN) { + WMA_LOGD(FL("scan_ie_len (%d) greater than max (%d)"), + scan_req->uIEFieldLen, WLAN_SCAN_PARAMS_MAX_IE_LEN); + return QDF_STATUS_E_INVAL; + } + cmd->vdev_id = scan_req->sessionId; /* * host cycles through the lower 12 bits for scan id generation |
