mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-22 05:11:24 -05:00
63 lines
2.1 KiB
Diff
63 lines
2.1 KiB
Diff
|
From c5060da3e741577578d66dfadb7922d853da6156 Mon Sep 17 00:00:00 2001
|
||
|
From: Naveen Rawat <naveenrawat@codeaurora.org>
|
||
|
Date: Tue, 13 Jun 2017 17:29:51 -0700
|
||
|
Subject: qcacld-3.0: Add check for set_ft_ies buffer length
|
||
|
|
||
|
Add check for buffer length in function sme_set_ft_ies.
|
||
|
|
||
|
Change-Id: I7adc56e23316c0ceb193a5bdf8c4c0b5f4fbd20a
|
||
|
CRs-Fixed: 2055659
|
||
|
---
|
||
|
core/hdd/src/wlan_hdd_wext.c | 5 +++++
|
||
|
core/sme/src/common/sme_ft_api.c | 4 ++--
|
||
|
2 files changed, 7 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/core/hdd/src/wlan_hdd_wext.c b/core/hdd/src/wlan_hdd_wext.c
|
||
|
index 637588d..9b35d19 100644
|
||
|
--- a/core/hdd/src/wlan_hdd_wext.c
|
||
|
+++ b/core/hdd/src/wlan_hdd_wext.c
|
||
|
@@ -13692,6 +13692,11 @@ static const struct iw_priv_args we_private_args[] = {
|
||
|
IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
|
||
|
"hostroamdelay"}
|
||
|
,
|
||
|
+
|
||
|
+ {WLAN_PRIV_SET_FTIES,
|
||
|
+ IW_PRIV_TYPE_CHAR | MAX_FTIE_SIZE,
|
||
|
+ 0,
|
||
|
+ "set_ft_ies"},
|
||
|
};
|
||
|
|
||
|
const struct iw_handler_def we_handler_def = {
|
||
|
diff --git a/core/sme/src/common/sme_ft_api.c b/core/sme/src/common/sme_ft_api.c
|
||
|
index de4b656..f97b2e4 100644
|
||
|
--- a/core/sme/src/common/sme_ft_api.c
|
||
|
+++ b/core/sme/src/common/sme_ft_api.c
|
||
|
@@ -150,6 +150,7 @@ void sme_set_ft_ies(tHalHandle hal_ptr, uint32_t session_id,
|
||
|
switch (session->ftSmeContext.FTState) {
|
||
|
case eFT_START_READY:
|
||
|
case eFT_AUTH_REQ_READY:
|
||
|
+ sme_debug("ft_ies_length: %d", ft_ies_length);
|
||
|
if ((session->ftSmeContext.auth_ft_ies) &&
|
||
|
(session->ftSmeContext.auth_ft_ies_length)) {
|
||
|
/* Free the one we recvd last from supplicant */
|
||
|
@@ -157,6 +158,7 @@ void sme_set_ft_ies(tHalHandle hal_ptr, uint32_t session_id,
|
||
|
session->ftSmeContext.auth_ft_ies_length = 0;
|
||
|
session->ftSmeContext.auth_ft_ies = NULL;
|
||
|
}
|
||
|
+ ft_ies_length = QDF_MIN(ft_ies_length, MAX_FTIE_SIZE);
|
||
|
/* Save the FT IEs */
|
||
|
session->ftSmeContext.auth_ft_ies =
|
||
|
qdf_mem_malloc(ft_ies_length);
|
||
|
@@ -169,8 +171,6 @@ void sme_set_ft_ies(tHalHandle hal_ptr, uint32_t session_id,
|
||
|
qdf_mem_copy((uint8_t *)session->ftSmeContext.auth_ft_ies,
|
||
|
ft_ies, ft_ies_length);
|
||
|
session->ftSmeContext.FTState = eFT_AUTH_REQ_READY;
|
||
|
-
|
||
|
- sme_debug("ft_ies_length: %d", ft_ies_length);
|
||
|
break;
|
||
|
|
||
|
case eFT_AUTH_COMPLETE:
|
||
|
--
|
||
|
cgit v1.1
|
||
|
|