qcacld-2.0: Avoid buffer overflow when handle 11w rmf
If 11w is enabled, the MMIE should be included in broadcast/multicast RMF, so the length check needs to consider it to avoid a buffer overflow. CRs-Fixed: 2319068 Change-Id: I6c2ebe18fb5b6e4246ba6d28c1dbc55175279e30
parent
dab2f756c6
commit
c636b5542d
|
@ -758,7 +758,12 @@ static int tlshim_mgmt_rx_process(void *context, u_int8_t *data,
|
|||
IEEE80211_IS_MULTICAST(wh->i_addr1))
|
||||
{
|
||||
efrm = adf_nbuf_data(wbuf) + adf_nbuf_len(wbuf);
|
||||
|
||||
/* Check if frame is invalid length */
|
||||
if (efrm - (uint8_t *)wh <
|
||||
sizeof(*wh) + vos_get_mmie_size()) {
|
||||
TLSHIM_LOGE("Invalid frame length");
|
||||
return 0;
|
||||
}
|
||||
key_id = (u_int16_t)*(efrm - vos_get_mmie_size() + 2);
|
||||
if (!((key_id == WMA_IGTK_KEY_INDEX_4) ||
|
||||
(key_id == WMA_IGTK_KEY_INDEX_5))) {
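Review bot: The new early `return 0;` after `TLSHIM_LOGE("Invalid frame length")` leaves the function with no visible release of `wbuf`. The rest of tlshim_mgmt_rx_process is outside this hunk, so if its other error returns free the received packet first, this path needs the same call before returning; otherwise every too-short broadcast/multicast frame that reaches this branch leaks a buffer. Separately, `efrm - (uint8_t *)wh` is a signed pointer difference compared against an unsigned `sizeof` sum, so a negative difference would convert to a large value and pass the check; `if (efrm < (uint8_t *)wh || (size_t)(efrm - (uint8_t *)wh) < sizeof(*wh) + vos_get_mmie_size()) {` makes the intent explicit. Including the observed length in the log message would also help whoever triages these drops.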
|
||||
|
|