From dd8a4c8db72bcd79c9ebccebbae0a33ba28c330b Mon Sep 17 00:00:00 2001 From: Sridhar Selvaraj Date: Wed, 26 Jul 2017 12:17:20 +0530 Subject: qcacld-2.0: Fix incorrect processing of encrypted auth frame qcacld-3.0 to qcacld-2.0 propagation. Fix incorrect processing of encrypted auth frame by allocating appropriate local buffer and using correct type for frame length. Change-Id: I87d6f4c3c43dd332d5b1877ddf4b3b46a717468b CRs-Fixed: 2082544 --- CORE/MAC/src/pe/lim/limSecurityUtils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CORE/MAC/src/pe/lim/limSecurityUtils.c b/CORE/MAC/src/pe/lim/limSecurityUtils.c index d326acd70a8d..f51c4a65ae65 100644 --- a/CORE/MAC/src/pe/lim/limSecurityUtils.c +++ b/CORE/MAC/src/pe/lim/limSecurityUtils.c @@ -762,7 +762,7 @@ limRC4(tANI_U8 *pDest, tANI_U8 *pSrc, tANI_U8 *seed, tANI_U32 keyLength, tANI_U1 { tANI_U8 i = ctx.i; tANI_U8 j = ctx.j; - tANI_U8 len = (tANI_U8) frameLen; + tANI_U16 len = frameLen; while (len-- > 0) { @@ -844,7 +844,7 @@ limDecryptAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pKey, tANI_U8 *pEncrBody, // Compute CRC-32 and place them in last 4 bytes of encrypted body limComputeCrc32(icv, (tANI_U8 *) pPlainBody, - (tANI_U8) (frameLen - SIR_MAC_WEP_ICV_LENGTH)); + (frameLen - SIR_MAC_WEP_ICV_LENGTH)); // Compare RX_ICV with computed ICV for (i = 0; i < SIR_MAC_WEP_ICV_LENGTH; i++) -- cgit v1.2.3