qcacld-2.0: Fix incorrect processing of encrypted auth frame
qcacld-3.0 to qcacld-2.0 propagation. Fix incorrect processing of encrypted auth frame by allocating appropriate local buffer and using correct type for frame length. Change-Id: I87d6f4c3c43dd332d5b1877ddf4b3b46a717468b CRs-Fixed: 2082544 Fix CVE-2017-11015 Change-Id: I7cb934fa97e0250fdc62eec74000f0dd5b323633
This commit is contained in:
parent
18be83da4a
commit
95ed424795
|
@ -696,7 +696,7 @@ limRC4(tANI_U8 *pDest, tANI_U8 *pSrc, tANI_U8 *seed, tANI_U32 keyLength, tANI_U1
|
|||
{
|
||||
tANI_U8 i = ctx.i;
|
||||
tANI_U8 j = ctx.j;
|
||||
tANI_U8 len = (tANI_U8) frameLen;
|
||||
tANI_U16 len = frameLen;
|
||||
|
||||
while (len-- > 0)
|
||||
{
|
||||
|
@ -778,7 +778,7 @@ limDecryptAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pKey, tANI_U8 *pEncrBody,
|
|||
// Compute CRC-32 and place them in last 4 bytes of encrypted body
|
||||
limComputeCrc32(icv,
|
||||
(tANI_U8 *) pPlainBody,
|
||||
(tANI_U8) (frameLen - SIR_MAC_WEP_ICV_LENGTH));
|
||||
(frameLen - SIR_MAC_WEP_ICV_LENGTH));
|
||||
|
||||
// Compare RX_ICV with computed ICV
|
||||
for (i = 0; i < SIR_MAC_WEP_ICV_LENGTH; i++)
|
||||
|
|
Loading…
Reference in New Issue