diff options
| author | Jyoti Kumari <jyotkuma@codeaurora.org> | 2021-01-29 12:59:07 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2021-05-02 21:01:03 -0700 |
| commit | 1edcf4f6758512de056709edcb667b9902630031 (patch) | |
| tree | 2dbdbbef932e17e985ae01fa59b1c57d55896ec0 /tools/perf/scripts/python/export-to-postgresql.py | |
| parent | c19e3e2207689da7a6ea18e523d796bdc44aafdf (diff) | |
qcacld-3.0: Fix integer underflow in assoc response frame
In func aead_decrypt_assoc_rsp(), it calls
find_ie_data_after_fils_session_ie() to find IE pointer after
FILS session IE from the frame payload.
There is possibility of integer underflow if frame payload length is
less than FIXED_PARAM_OFFSET_ASSOC_RSP which may increase value
of buf_len variable in find_ie_data_after_fils_session_ie() and
cause OOB during parsing process.
Validate frame payload length with FIXED_PARAM_OFFSET_ASSOC_RSP,
if it is less then return failure.
Change-Id: I78fbcfeaa1058fcf2a6fe47cd5c26390b54974af
CRs-Fixed: 2859024
Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')
0 files changed, 0 insertions, 0 deletions