msm-modules/qcacld.git - [no description]

diff options

author	Ashish Kumar Dhanotiya <adhanoti@codeaurora.org>	2019-12-12 14:17:03 +0530
committer	Isaac Chiou <isaacchiou@google.com>	2020-05-18 14:42:34 +0800
commit	725e65c70af7878f9cfdf779ce53bf93fd0e8a5b (patch)
tree	c664af5a4b19751578cc9816ffb43dc6d5e866b6 /core/mac/src/pe/rrm/rrm_api.c
parent	6e094d3e5c3544ff04f75454979025a2f4795e40 (diff)
download	qcacld-725e65c70af7878f9cfdf779ce53bf93fd0e8a5b.tar.gz

qcacld-3.0: Validate assoc response IE len before copy

When host sends ft assoc response to supplicant, it allocates a buffer of fixed size and copies a variable length of assoc response IEs to this fixed sized buffer. There is a possibility of OOB write to the allocated buffer if the assoc response IEs length is greater than the allocated buffer size. To avoid above issue validate the assoc response IEs length with the allocated buffer size before data copy to the buffer. Bug: 155654321 Change-ID: Ife9c2071a8cc4a2918b9f349f4024478f94b2d78 CRs-Fixed: 2575144

Diffstat (limited to 'core/mac/src/pe/rrm/rrm_api.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: