diff options
author | PixelBot AutoMerger <android-nexus-securitybot@system.gserviceaccount.com> | 2021-08-08 18:20:04 -0700 |
---|---|---|
committer | SecurityBot <android-nexus-securitybot@system.gserviceaccount.com> | 2021-08-08 18:20:05 -0700 |
commit | 04f617e458e935f3bee31a42527540294b69cd90 (patch) | |
tree | f478977c471f6e0a3165c83c63eda78dad696577 | |
parent | f222c2ffc35322771bba2d07a38eb5518ca3a927 (diff) | |
parent | 7b1331a00c8ad5a7fe35b46ff4376d4d289ca97a (diff) | |
download | qcacld-04f617e458e935f3bee31a42527540294b69cd90.tar.gz |
Merge android-msm-barbet-4.19-sc into android-msm-barbet-4.19
SBMerger: 379283923
Change-Id: Ia89ab6bab93a395bb8ef8aa0c65aa1ff0f8d2b3b
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
-rw-r--r-- | core/hdd/src/wlan_hdd_cfg80211.c | 23 | ||||
-rw-r--r-- | core/mac/src/pe/lim/lim_process_fils.c | 5 |
2 files changed, 17 insertions, 11 deletions
diff --git a/core/hdd/src/wlan_hdd_cfg80211.c b/core/hdd/src/wlan_hdd_cfg80211.c index de5d602fe7..64a766dc21 100644 --- a/core/hdd/src/wlan_hdd_cfg80211.c +++ b/core/hdd/src/wlan_hdd_cfg80211.c @@ -16496,6 +16496,18 @@ static int __wlan_hdd_cfg80211_add_key(struct wiphy *wiphy, qdf_mem_copy(&set_key.Key[0], params->key, params->key_len); qdf_mem_copy(&set_key.keyRsc[0], params->seq, params->seq_len); + if (!pairwise) { + /* set group key */ + hdd_debug("setting Broadcast key"); + set_key.keyDirection = eSIR_RX_ONLY; + qdf_set_macaddr_broadcast(&set_key.peerMac); + } else { + /* set pairwise key */ + hdd_debug("setting pairwise key"); + set_key.keyDirection = eSIR_TX_RX; + qdf_mem_copy(set_key.peerMac.bytes, mac_addr, QDF_MAC_ADDR_SIZE); + } + mac_handle = hdd_ctx->mac_handle; cdp_peer_flush_frags(cds_get_context(QDF_MODULE_ID_SOC), @@ -16598,17 +16610,6 @@ static int __wlan_hdd_cfg80211_add_key(struct wiphy *wiphy, hdd_debug("encryption type %d", set_key.encType); - if (!pairwise) { - /* set group key */ - hdd_debug("setting Broadcast key"); - set_key.keyDirection = eSIR_RX_ONLY; - qdf_set_macaddr_broadcast(&set_key.peerMac); - } else { - /* set pairwise key */ - hdd_debug("setting pairwise key"); - set_key.keyDirection = eSIR_TX_RX; - qdf_mem_copy(set_key.peerMac.bytes, mac_addr, QDF_MAC_ADDR_SIZE); - } if ((QDF_IBSS_MODE == adapter->device_mode) && !pairwise) { /* if a key is already installed, block all subsequent ones */ if (adapter->session.station.ibss_enc_key_installed) { diff --git a/core/mac/src/pe/lim/lim_process_fils.c b/core/mac/src/pe/lim/lim_process_fils.c index 5596491a0d..9b74ae0236 100644 --- a/core/mac/src/pe/lim/lim_process_fils.c +++ b/core/mac/src/pe/lim/lim_process_fils.c @@ -2235,6 +2235,11 @@ QDF_STATUS aead_decrypt_assoc_rsp(struct mac_context *mac_ctx, uint8_t *fils_ies; struct pe_fils_session *fils_info = session->fils_info; + if (*n_frame < FIXED_PARAM_OFFSET_ASSOC_RSP) { + pe_debug("payload len is less than ASSOC RES offset"); + return QDF_STATUS_E_FAILURE; + } + status = find_ie_data_after_fils_session_ie(mac_ctx, p_frame + FIXED_PARAM_OFFSET_ASSOC_RSP, ((*n_frame) - |