From 3b1c44a3a7129dc25abe2c23543f6f66c59e8f50 Mon Sep 17 00:00:00 2001 From: Kiran Kumar Lokere Date: Thu, 7 Nov 2013 19:01:17 -0800 Subject: Fix the buffer overflow issue observed in static code analysis. Fix the possible buffer overflow in IE parsing. Change-Id: I1a386ac09dbe30562fbd84739eb8d61c6a09b001 CRs-Fixed: 553937, 553941 --- CORE/MAC/src/include/dot11f.h | 2 +- CORE/SYS/legacy/src/utils/src/dot11f.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CORE/MAC/src/include/dot11f.h b/CORE/MAC/src/include/dot11f.h index 3a82e65..cc89258 100644 --- a/CORE/MAC/src/include/dot11f.h +++ b/CORE/MAC/src/include/dot11f.h @@ -52,7 +52,7 @@ * * * This file was automatically generated by 'framesc' - * Tue Jul 2 15:39:44 2013 from the following file(s): + * Thu Nov 7 16:38:38 2013 from the following file(s): * * dot11f.frms * diff --git a/CORE/SYS/legacy/src/utils/src/dot11f.c b/CORE/SYS/legacy/src/utils/src/dot11f.c index 411f593..1b89baa 100644 --- a/CORE/SYS/legacy/src/utils/src/dot11f.c +++ b/CORE/SYS/legacy/src/utils/src/dot11f.c @@ -29,7 +29,7 @@ * * * This file was automatically generated by 'framesc' - * Tue Jul 2 15:39:44 2013 from the following file(s): + * Thu Nov 7 16:38:38 2013 from the following file(s): * * dot11f.frms * @@ -2976,7 +2976,7 @@ tANI_U32 dot11fUnpackIeCountry(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen else { pDst->num_triplets = (tANI_U8)( ielen / 3 ); - if (ielen / 3 > 84){ + if (ielen > 84 * 3){ pDst->present = 0; return DOT11F_SKIPPED_BAD_IE; } @@ -4650,7 +4650,7 @@ tANI_U32 dot11fUnpackIeSuppChannels(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; pDst->num_bands = (tANI_U8)( ielen / 2 ); - if (ielen / 2 > 48){ + if (ielen > 48 * 2){ pDst->present = 0; return DOT11F_SKIPPED_BAD_IE; } -- cgit v1.1