| author | tinlin <tinlin@codeaurora.org> | 2018-03-12 18:06:27 +0800 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2018-03-12 03:32:52 -0700 |
| commit | 198f5a7bd6315d8e80df8f57bf291ff9a31950e2 (patch) | |
| tree | 5f79e7a30b71f77b4642a126e763321323581d69 /tools/perf/scripts/python | |
| parent | d6f30ab8c3368838e95133b8c0b5d19e72b7332c (diff) | |
qcacld-2.0: Fix potential OOB read in lim_parse_kde_elements

Propagation from cld3.0 to cld2.0.

In function lim_parse_kde_elements, while parsing the KDE list from
the assoc response frame, elem_len is obtained from the frame buffer.
elem_len is then used to find the matching OUI for KDE OUI type and
then to calculate data_len based on the offset for the GTK/IGTK data
types.

If the value in elem_len field in the frame is less than the Data
Offset (which includes the OUI and data type) or the GTK/IGTK offset,
then an OOB read would occur.

Add checks to validate the elem_len with Data offset and then with
the GTK/IGTK offset based on the data type.

Change-Id: I8ae31c6d6c28e88ad9bda757b3f1ff2585f8a553
CRs-Fixed: 2203857
Diffstat (limited to 'tools/perf/scripts/python')
0 files changed, 0 insertions, 0 deletions
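
The two length checks the commit message describes, as an added C example that is not part of this page or of the qcacld-2.0 source. The function name, macros and sample buffers are assumptions; field sizes follow the IEEE 802.11 KDE layout, and skipping a 0xdd element too short to hold the OUI and data type is this example's choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; sizes follow the IEEE 802.11 KDE layout. */
#define KDE_TYPE        0xdd
#define KDE_DATA_OFFSET 4   /* OUI (3) + data type (1) */
#define KDE_DT_GTK      1
#define KDE_DT_IGTK     9
#define GTK_OFFSET      2   /* KeyID/Tx + reserved, before the GTK */
#define IGTK_OFFSET     8   /* KeyID (2) + IPN (6), before the IGTK */

static const uint8_t kde_oui[3] = { 0x00, 0x0f, 0xac };
/* Constructed samples: a valid GTK KDE, and one whose length ends inside the GTK header. */
static const uint8_t sample_ok[] = { 0xdd, 0x0a, 0x00, 0x0f, 0xac, 0x01, 0x01, 0x00, 0xa1, 0xa2, 0xa3, 0xa4 };
static const uint8_t sample_short[] = { 0xdd, 0x05, 0x00, 0x0f, 0xac, 0x01, 0x01 };

/* want is KDE_DT_GTK or KDE_DT_IGTK. Returns the key length and sets *key;
 * returns 0 with *key == NULL if no such KDE exists, -1 if the list is malformed. */
int kde_find_key(const uint8_t *buf, size_t len, uint8_t want, const uint8_t **key)
{
    size_t hdr = (want == KDE_DT_IGTK) ? IGTK_OFFSET : GTK_OFFSET;
    size_t pos = 0;
    *key = NULL;
    while (len - pos >= 2) {
        size_t elem_len = buf[pos + 1];   /* attacker-controlled, from the frame */
        const uint8_t *body = buf + pos + 2;
        if (elem_len > len - pos - 2)
            return -1;                    /* element runs past the buffer */
        /* Read the OUI and data type only when elem_len covers them. */
        if (buf[pos] == KDE_TYPE && elem_len >= KDE_DATA_OFFSET &&
            memcmp(body, kde_oui, 3) == 0 && body[3] == want) {
            if (elem_len - KDE_DATA_OFFSET < hdr)
                return -1;                /* too short for the GTK/IGTK header */
            *key = body + KDE_DATA_OFFSET + hdr;
            return (int)(elem_len - KDE_DATA_OFFSET - hdr);
        }
        pos += 2 + elem_len;
    }
    return 0;
}

int main(void)
{
    const uint8_t *key;
    printf("ok: %d\n", kde_find_key(sample_ok, sizeof(sample_ok), KDE_DT_GTK, &key));
    printf("short: %d\n", kde_find_key(sample_short, sizeof(sample_short), KDE_DT_GTK, &key));
    return 0;
}
```

Without the second check, `elem_len - KDE_DATA_OFFSET - hdr` on `sample_short` would wrap to a huge unsigned length and the key pointer would sit past the end of the element.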
