From 41b0d875bdcd2a6de2639b32742f7f293d228aba Mon Sep 17 00:00:00 2001
From: SaidiReddy Yenuga <saidir@codeaurora.org>
Date: Wed, 23 Nov 2016 12:12:43 +0530
Subject: qcacld-2.0: Validate station id

In function __hdd_softap_hard_start_xmit, station id is
not validated with max station count, this might lead to
a buffer overflow situation for array aStaInfo in SapCtx.

Validate station id with max sta count.

CRs-Fixed: 1093122
Change-Id: If9f59c5a7b76845bb7783a96453e595b5afa4f30
---
 CORE/HDD/src/wlan_hdd_softap_tx_rx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CORE/HDD/src/wlan_hdd_softap_tx_rx.c b/CORE/HDD/src/wlan_hdd_softap_tx_rx.c
index 29d4276e76a9..8ededcecbcf8 100644
--- a/CORE/HDD/src/wlan_hdd_softap_tx_rx.c
+++ b/CORE/HDD/src/wlan_hdd_softap_tx_rx.c
@@ -311,7 +311,7 @@ int __hdd_softap_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
                goto drop_pkt;
            }
 
-           if (STAId == HDD_WLAN_INVALID_STA_ID)
+           if (STAId == HDD_WLAN_INVALID_STA_ID || STAId >= WLAN_MAX_STA_COUNT)
            {
                VOS_TRACE( VOS_MODULE_ID_HDD_SAP_DATA, VOS_TRACE_LEVEL_WARN,
                           "%s: Failed to find right station", __func__);
-- 
cgit v1.2.3