From 64297e4caffdf6b1a90807bbdb65a66b43582228 Mon Sep 17 00:00:00 2001 From: Sridhar Selvaraj Date: Fri, 30 Jun 2017 19:11:21 +0530 Subject: prima: Skip an IE if found more its max times in a frame Check if a IE has been encountered more than max possible for that IE while parsing a frame. Change-Id: I1054c7df18780469849be55fc4343f09ac502a49 CRs-Fixed: 2069927 --- CORE/MAC/src/include/dot11f.h | 6 +++--- CORE/SYS/legacy/src/utils/src/dot11f.c | 9 +++++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/CORE/MAC/src/include/dot11f.h b/CORE/MAC/src/include/dot11f.h index ab2228e..52c714e 100644 --- a/CORE/MAC/src/include/dot11f.h +++ b/CORE/MAC/src/include/dot11f.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2014 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2014, 2017 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -30,7 +30,7 @@ * * * This file was automatically generated by 'framesc' - * Mon Nov 10 19:49:53 2014 from the following file(s): + * Tue Jul 4 11:19:48 2017 from the following file(s): * * dot11f.frms * @@ -84,8 +84,8 @@ typedef tANI_U32 tDOT11F_U64[2]; #define DOT11F_BUFFER_OVERFLOW ( 0x10000005 ) #define DOT11F_MANDATORY_TLV_MISSING ( 0x00001000 ) #define DOT11F_FAILED(code) ( (code) & 0x10000000 ) -#define DOT11F_WARNED(code) ( ( ( 0 == (code) ) & 0x10000000 ) && code) #define DOT11F_SUCCEEDED(code) ( (code) == 0 ) +#define DOT11F_WARNED(code) (!DOT11F_SUCCEEDED(code) && !DOT11F_FAILED(code)) /********************************************************************* * Fixed Fields * diff --git a/CORE/SYS/legacy/src/utils/src/dot11f.c b/CORE/SYS/legacy/src/utils/src/dot11f.c index a4fbb05..f3f621c 100644 --- a/CORE/SYS/legacy/src/utils/src/dot11f.c +++ b/CORE/SYS/legacy/src/utils/src/dot11f.c 
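Review bot: In the `@@ -84,8 +84,8 @@` hunk of dot11f.h, the rewritten `DOT11F_WARNED(code)` is the first form of this macro that can be true, because the removed form computed `(0 == (code)) & 0x10000000`, which is always 0. Every caller's warning branch therefore becomes live with this commit and should be audited; none of those callers are visible here. The new macro also expands `code` twice, so it should carry a comment such as `/* evaluates code twice: pass a variable, not a call */`, or be replaced by a `static inline` helper that takes the status value. Both dot11f.h and dot11f.c are marked as generated by 'framesc', so if these lines were edited by hand the same change has to go into the generator, otherwise it is lost on the next regeneration.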
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2014 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2014, 2017 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -28,7 +28,7 @@ * * * This file was automatically generated by 'framesc' - * Mon Nov 10 19:49:53 2014 from the following file(s): + * Tue Jul 4 11:19:48 2017 from the following file(s): * * dot11f.frms * @@ -20733,6 +20733,10 @@ static tANI_U32 UnpackCore(tpAniSirGlobal pCtx, } countOffset = ( (0 != pIe->arraybound) * ( *(tANI_U16* )(pFrm + pIe->countOffset))); + if (0 != pIe->arraybound && countOffset >= pIe->arraybound) { + status |= DOT11F_DUPLICATE_IE; + goto skip_dup_ie; + } switch (pIe->sig) { case SigIeAPName: @@ -21207,6 +21211,7 @@ static tANI_U32 UnpackCore(tpAniSirGlobal pCtx, status |= DOT11F_UNKNOWN_IES; } +skip_dup_ie: pBufRemaining += len; if (len > nBufRemaining) -- cgit v1.1
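Review bot: The bound check added before `switch (pIe->sig)` in UnpackCore skips the over-limit IE silently: there is no comment saying what `countOffset >= pIe->arraybound` guards and no log line, so a frame that repeats an IE beyond its limit shows up only as the `DOT11F_DUPLICATE_IE` bit in the returned status. I would add `/* count stored in the frame struct has reached arraybound: skip this IE rather than unpack another instance */` above the test and a warning-level log next to `status |= DOT11F_DUPLICATE_IE;`, using whatever logging helper the rest of the function uses (not visible in the hunk). The value of `DOT11F_DUPLICATE_IE` is not shown; if it does not carry the `0x10000000` failure bit, callers that test only `DOT11F_FAILED` will accept the frame with the extra IE dropped, which is presumably intended but worth stating in the comment. The `skip_dup_ie:` label in the `@@ -21207,6 +21211,7 @@` hunk is placed before `pBufRemaining += len;`, so the skipped IE's bytes are still consumed; the code between the `switch` and the label lies outside both hunks, so I could not check that nothing the jump bypasses is needed later.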