mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-11 08:54:28 -05:00
62 lines
2.0 KiB
Diff
62 lines
2.0 KiB
Diff
|
From 3b1c44a3a7129dc25abe2c23543f6f66c59e8f50 Mon Sep 17 00:00:00 2001
|
||
|
From: Kiran Kumar Lokere <klokere@codeaurora.org>
|
||
|
Date: Thu, 7 Nov 2013 19:01:17 -0800
|
||
|
Subject: Fix the buffer overflow issue observed in static code analysis.
|
||
|
|
||
|
Fix the possible buffer overflow in IE parsing.
|
||
|
|
||
|
Change-Id: I1a386ac09dbe30562fbd84739eb8d61c6a09b001
|
||
|
CRs-Fixed: 553937, 553941
|
||
|
---
|
||
|
CORE/MAC/src/include/dot11f.h | 2 +-
|
||
|
CORE/SYS/legacy/src/utils/src/dot11f.c | 6 +++---
|
||
|
2 files changed, 4 insertions(+), 4 deletions(-)
|
||
|
|
||
|
diff --git a/CORE/MAC/src/include/dot11f.h b/CORE/MAC/src/include/dot11f.h
|
||
|
index 3a82e65..cc89258 100644
|
||
|
--- a/CORE/MAC/src/include/dot11f.h
|
||
|
+++ b/CORE/MAC/src/include/dot11f.h
|
||
|
@@ -52,7 +52,7 @@
|
||
|
*
|
||
|
*
|
||
|
* This file was automatically generated by 'framesc'
|
||
|
- * Tue Jul 2 15:39:44 2013 from the following file(s):
|
||
|
+ * Thu Nov 7 16:38:38 2013 from the following file(s):
|
||
|
*
|
||
|
* dot11f.frms
|
||
|
*
|
||
|
diff --git a/CORE/SYS/legacy/src/utils/src/dot11f.c b/CORE/SYS/legacy/src/utils/src/dot11f.c
|
||
|
index 411f593..1b89baa 100644
|
||
|
--- a/CORE/SYS/legacy/src/utils/src/dot11f.c
|
||
|
+++ b/CORE/SYS/legacy/src/utils/src/dot11f.c
|
||
|
@@ -29,7 +29,7 @@
|
||
|
*
|
||
|
*
|
||
|
* This file was automatically generated by 'framesc'
|
||
|
- * Tue Jul 2 15:39:44 2013 from the following file(s):
|
||
|
+ * Thu Nov 7 16:38:38 2013 from the following file(s):
|
||
|
*
|
||
|
* dot11f.frms
|
||
|
*
|
||
|
@@ -2976,7 +2976,7 @@ tANI_U32 dot11fUnpackIeCountry(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen
|
||
|
else
|
||
|
{
|
||
|
pDst->num_triplets = (tANI_U8)( ielen / 3 );
|
||
|
- if (ielen / 3 > 84){
|
||
|
+ if (ielen > 84 * 3){
|
||
|
pDst->present = 0;
|
||
|
return DOT11F_SKIPPED_BAD_IE;
|
||
|
}
|
||
|
@@ -4650,7 +4650,7 @@ tANI_U32 dot11fUnpackIeSuppChannels(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8
|
||
|
if (pDst->present) status = DOT11F_DUPLICATE_IE;
|
||
|
pDst->present = 1;
|
||
|
pDst->num_bands = (tANI_U8)( ielen / 2 );
|
||
|
- if (ielen / 2 > 48){
|
||
|
+ if (ielen > 48 * 2){
|
||
|
pDst->present = 0;
|
||
|
return DOT11F_SKIPPED_BAD_IE;
|
||
|
}
|
||
|
--
|
||
|
cgit v1.1
|
||
|
|