qcacld-3.0: Add NULL IE check

Beacons with NULL IE's are triggering crash
in framework.

Add condition check in WMA to drop beacons
with NULL IE.

Change-Id: Ie28cd513713668334a77a2e8f5f345d79f68fcb5
CRs-Fixed: 2047525

1 files changed, 11 insertions, 0 deletions

diff --git a/core/wma/src/wma_mgmt.c b/core/wma/src/wma_mgmt.c
index 7a4a40289a..caea1a48fe 100644
--- a/core/wma/src/wma_mgmt.c
+++ b/core/wma/src/wma_mgmt.c
@@ -3479,6 +3479,17 @@ static int wma_mgmt_rx_process(void *handle, uint8_t *data,
 
 	rx_pkt->pkt_meta.sessionId =
 		(vdev_id == WMA_INVALID_VDEV_ID ? 0 : vdev_id);
+	if (mgt_type == IEEE80211_FC0_TYPE_MGT &&
+	    (mgt_subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
+	     mgt_subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
+		if (hdr->buf_len <=
+			(sizeof(struct ieee80211_frame) +
+			offsetof(struct sSirProbeRespBeacon, ssId))) {
+			WMA_LOGD("Dropping frame from "MAC_ADDRESS_STR, MAC_ADDR_ARRAY(wh->i_addr3));
+			cds_pkt_return_packet(rx_pkt);
+			return -EINVAL;
+		}
+	}
 
 	if (wma_is_pkt_drop_candidate(wma_handle, wh->i_addr2, wh->i_addr3,
 					mgt_subtype)) {