summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNaveen Rawat <naveenrawat@codeaurora.org>2017-12-12 17:49:48 -0800
committersnandini <snandini@codeaurora.org>2017-12-15 16:41:33 -0800
commite5026dc32959c9c227de3497ffd527db11ef9e08 (patch)
tree484fb2982a29ed7005119eae19bb9eabb78955c4
parent93bf1753594885c84dc34e70472d1eae1fcf589f (diff)
qcacld-3.0: Reject scan cmd if ie length greater than max allowed
Firmware cannot handle scan IE more than a certain size owing to memory restrictions. Check the scan IE length before passing params to firmware. Change-Id: I73321a9d4932f4cbb876de904dacecf15c9083ff CRs-Fixed: 2159363
-rw-r--r--core/wma/src/wma_scan_roam.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c
index b0c24a40f8fc..53450b0f877d 100644
--- a/core/wma/src/wma_scan_roam.c
+++ b/core/wma/src/wma_scan_roam.c
@@ -195,6 +195,12 @@ QDF_STATUS wma_get_buf_start_scan_cmd(tp_wma_handle wma_handle,
return QDF_STATUS_E_FAILURE;
}
+ if (scan_req->uIEFieldLen > WLAN_SCAN_PARAMS_MAX_IE_LEN) {
+ WMA_LOGD(FL("scan_ie_len (%d) greater than max (%d)"),
+ scan_req->uIEFieldLen, WLAN_SCAN_PARAMS_MAX_IE_LEN);
+ return QDF_STATUS_E_INVAL;
+ }
+
cmd->vdev_id = scan_req->sessionId;
/*
* host cycles through the lower 12 bits for scan id generation