qcacld-2.0: Fix incorrect processing of encrypted auth frame

qcacld-3.0 to qcacld-2.0 propagation.

Fix incorrect processing of encrypted auth frame by allocating
appropriate local buffer and using correct type for frame length.

Change-Id: I87d6f4c3c43dd332d5b1877ddf4b3b46a717468b
CRs-Fixed: 2082544
Fix CVE-2017-11015

Change-Id: I7cb934fa97e0250fdc62eec74000f0dd5b323633
google 2017-12-04 14:14:39 -08:00 committed by Nolen Johnson
parent 18be83da4a
commit 95ed424795
1 changed files with 2 additions and 2 deletions


@ -696,7 +696,7 @@ limRC4(tANI_U8 *pDest, tANI_U8 *pSrc, tANI_U8 *seed, tANI_U32 keyLength, tANI_U1
{
tANI_U8 i = ctx.i;
tANI_U8 j = ctx.j;
tANI_U8 len = (tANI_U8) frameLen;
tANI_U16 len = frameLen;
while (len-- > 0)
{
@ -778,7 +778,7 @@ limDecryptAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pKey, tANI_U8 *pEncrBody,
// Compute CRC-32 and place them in last 4 bytes of encrypted body
limComputeCrc32(icv,
(tANI_U8 *) pPlainBody,
(tANI_U8) (frameLen - SIR_MAC_WEP_ICV_LENGTH));
(frameLen - SIR_MAC_WEP_ICV_LENGTH));
// Compare RX_ICV with computed ICV
for (i = 0; i < SIR_MAC_WEP_ICV_LENGTH; i++)
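Review bot: Widening `len` to `tANI_U16` in limRC4 makes the loop write the full `frameLen` bytes to `pDest` rather than at most 255, and nothing in this section shows the destination buffer being sized to match; the description mentions allocating an appropriate local buffer, but the only two changed lines here are the type changes. The callers are outside the visible hunks, so it should be confirmed that every plaintext buffer handed to limRC4 holds at least `frameLen` bytes, since otherwise the corrected length replaces the old truncation with an out-of-bounds write. In limDecryptAuthFrame, `frameLen - SIR_MAC_WEP_ICV_LENGTH` has no visible lower bound, and depending on the length parameter type of limComputeCrc32 (not shown) a frame shorter than the ICV could produce a wrapped length; a guard such as `if (frameLen < SIR_MAC_WEP_ICV_LENGTH) return <failure status used by this function>;` ahead of the decrypt would close that. Both function bodies start and end outside the hunks.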