qcacld-2.0: Remove off-by-one write condition in schBeaconProcess
In schBeaconProcess, the driver writes a 0 after the SSID name to mark the end of the SSID. If the SSID name is 32 characters, which is the maximum possible SSID length, the driver writes the 0 at the 33rd byte, which is not part of the SSID name field; this results in an out-of-bounds (off-by-one) write. The fix is to remove the write of 0 after the SSID: wherever the driver prints the SSID it passes the SSID length as input, so the terminating 0 serves no purpose.
Change-Id: I1d58026ec9f48fe9d00bd2f50783c65899588978
CRs-Fixed: 2541970
parent
92db492a76
commit
a858116b07
|
@ -1039,10 +1039,11 @@ typedef __ani_attr_pre_packed struct sSirMacRateSet
|
|||
} __ani_attr_packed tSirMacRateSet;
|
||||
|
||||
|
||||
/* Reserve 1 byte for NULL character in the SSID name field to print in %s */
|
||||
typedef __ani_attr_pre_packed struct sSirMacSSid
|
||||
{
|
||||
tANI_U8 length;
|
||||
tANI_U8 ssId[SIR_MAC_MAX_SSID_LENGTH];
|
||||
tANI_U8 ssId[SIR_MAC_MAX_SSID_LENGTH + 1];
|
||||
} __ani_attr_packed tSirMacSSid;
|
||||
|
||||
typedef __ani_attr_pre_packed struct sSirMacWpaInfo
|
||||
|
|
|
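Review bot: The comment above `tSirMacSSid` says the extra byte in `ssId[SIR_MAC_MAX_SSID_LENGTH + 1]` is reserved for a NUL so the name can be printed with `%s`, yet the `schBeaconProcess` hunk in this same commit deletes the only terminator write visible here and the description says printing always goes by length, so the comment documents an invariant that nothing shown maintains. The +/- markers are lost on this page, so this reading is inferred from the hunk counts (10 old lines, 11 new). Because the struct is declared packed and lives in a MAC protocol header, the extra byte changes `sizeof(tSirMacSSid)` and the offsets of any structure that embeds it; code that copies or serialises it by `sizeof` is outside this page and should be checked. If the spare byte is kept as defence in depth, a more accurate comment would be `/* ssId is NOT NUL-terminated; print with %.*s and length. Spare byte only absorbs a terminator write at length == SIR_MAC_MAX_SSID_LENGTH. */`. The beacon parser should still reject `length > SIR_MAC_MAX_SSID_LENGTH`.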
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2012-2015 The Linux Foundation. All rights reserved.
|
||||
* Copyright (c) 2012-2019 The Linux Foundation. All rights reserved.
|
||||
*
|
||||
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
|
||||
*
|
||||
|
@ -759,11 +759,6 @@ void schBeaconProcess(tpAniSirGlobal pMac, tANI_U8* pRxPacketInfo, tpPESession p
|
|||
return;
|
||||
}
|
||||
|
||||
if (beaconStruct.ssidPresent)
|
||||
{
|
||||
beaconStruct.ssId.ssId[beaconStruct.ssId.length] = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* First process the beacon in the context of any existing AP or BTAP session.
|
||||
* This takes cares of following two scenarios:
|
||||
|
|