From d541aecce07c65fee3ad3a4d900016e4d22f2b3d Mon Sep 17 00:00:00 2001 From: Karthik Jadala Date: Wed, 4 May 2016 11:15:45 +0530 Subject: qcacld-2.0: Fix buffer overwrite problem in CCXBEACONREQ Set the number of IE fields to minimum of input data and SIR_ESE_MAX_MEAS_IE_REQS. Change-Id: Ie53cfec7872ab69530bbb8932f9f9e85fb319f92 CRs-Fixed: 993561 --- CORE/HDD/src/wlan_hdd_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c index c3e3786..4d5a86c 100644 --- a/CORE/HDD/src/wlan_hdd_main.c +++ b/CORE/HDD/src/wlan_hdd_main.c @@ -5530,17 +5530,17 @@ static VOS_STATUS hdd_parse_ese_beacon_req(tANI_U8 *pValue, /*no argument followed by spaces*/ if ('\0' == *inPtr) return -EINVAL; - /*getting the first argument ie measurement token*/ + /*getting the first argument ie Number of IE fields*/ v = sscanf(inPtr, "%31s ", buf); if (1 != v) return -EINVAL; v = kstrtos32(buf, 10, &tempInt); if ( v < 0) return -EINVAL; + tempInt = VOS_MIN(tempInt, SIR_ESE_MAX_MEAS_IE_REQS); pEseBcnReq->numBcnReqIe = tempInt; - VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO_HIGH, - "Number of Bcn Req Ie fields(%d)", pEseBcnReq->numBcnReqIe); + hddLog(LOG1, "Number of Bcn Req Ie fields: %d", pEseBcnReq->numBcnReqIe); for (j = 0; j < (pEseBcnReq->numBcnReqIe); j++) { -- cgit v1.1