diff options
| -rw-r--r-- | CORE/MAC/src/pe/lim/limProcessDeauthFrame.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/CORE/MAC/src/pe/lim/limProcessDeauthFrame.c b/CORE/MAC/src/pe/lim/limProcessDeauthFrame.c index e20aa3770c2b..21f73925cebe 100644 --- a/CORE/MAC/src/pe/lim/limProcessDeauthFrame.c +++ b/CORE/MAC/src/pe/lim/limProcessDeauthFrame.c @@ -80,9 +80,9 @@ limProcessDeauthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession p tpPESession pRoamSessionEntry=NULL; tANI_U8 roamSessionId; #ifdef WLAN_FEATURE_11W - tANI_U32 frameLen; bool need_ind_uplayer = true; #endif + tANI_U32 frameLen; int8_t frame_rssi; pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo); @@ -90,6 +90,13 @@ limProcessDeauthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession p pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo); frame_rssi = (int8_t)WDA_GET_RX_RSSI_NORMALIZED(pRxPacketInfo); + frameLen = WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo); + if (frameLen < sizeof(reasonCode)) { + PELOGE(limLog(pMac, LOGE, + FL("Invalid framelen received %d"), frameLen);) + return; + } + if (LIM_IS_STA_ROLE(psessionEntry) && ((eLIM_SME_WT_DISASSOC_STATE == psessionEntry->limSmeState) || (eLIM_SME_WT_DEAUTH_STATE == psessionEntry->limSmeState))) @@ -161,7 +168,6 @@ limProcessDeauthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession p PELOGE(limLog(pMac, LOGE, FL("received an unprotected deauth from AP"));) // If the frame received is unprotected, forward it to the supplicant to initiate // an SA query - frameLen = WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo); //send the unprotected frame indication to SME limSendSmeUnprotectedMgmtFrameInd(pMac, pHdr->fc.subType, |