diff options
| author | CNSS_WLAN Service <cnssbldsw@qualcomm.com> | 2019-04-10 20:13:46 -0700 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2019-04-10 20:13:46 -0700 |
| commit | ebfd59fecc7a048eb7eba848d60faaf53f55b087 (patch) | |
| tree | ff1a62a1eb4f27493e342e9a91f14b74d85bd917 | |
| parent | 38c629721c166fe3a3f4d2f89051738655fcfbf0 (diff) | |
| parent | 48bbfadd209b0171de7c411851c44c1d7468f961 (diff) | |
Merge "qcacld-2.0: Possible OOB access in wlan_hdd_cfg80211_start_bss()" into wlan-cld2.driver.lnx.1.0
| -rw-r--r-- | CORE/HDD/src/wlan_hdd_cfg80211.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c index fa19cf1c8bc0..1d1315da8b85 100644 --- a/CORE/HDD/src/wlan_hdd_cfg80211.c +++ b/CORE/HDD/src/wlan_hdd_cfg80211.c @@ -18511,6 +18511,11 @@ static int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, pBeacon->head_len, WLAN_EID_SUPP_RATES); if (pIe != NULL) { pIe++; + if (pIe[0] > SIR_MAC_RATESET_EID_MAX) { + hddLog(LOGE, FL("Invalid supported rates %d"), pIe[0]); + ret = -EINVAL; + goto error; + } pConfig->supported_rates.numRates = pIe[0]; pIe++; for (i = 0; i < pConfig->supported_rates.numRates; i++) @@ -18524,6 +18529,11 @@ static int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, WLAN_EID_EXT_SUPP_RATES); if (pIe != NULL) { pIe++; + if (pIe[0] > SIR_MAC_RATESET_EID_MAX) { + hddLog(LOGE, FL("Invalid supported rates %d"), pIe[0]); + ret = -EINVAL; + goto error; + } pConfig->extended_rates.numRates = pIe[0]; pIe++; for (i = 0; i < pConfig->extended_rates.numRates; i++) |