From cc1896424ae7a346090f601bc69c6ca51d9c3e04 Mon Sep 17 00:00:00 2001
From: Nishank Aggarwal <naggar@codeaurora.org>
Date: Tue, 27 Jun 2017 12:34:21 +0530
Subject: qcacld-2.0: Add check for set_ft_ies buffer length

qcacld-3.0 to qcacld-2.0 propagation

Add check for buffer length in function sme_set_ft_ies.

Change-Id: I7adc56e23316c0ceb193a5bdf8c4c0b5f4fbd20a
CRs-Fixed: 2070583
---
 CORE/HDD/src/wlan_hdd_wext.c        | 4 ++++
 CORE/SME/src/sme_common/sme_FTApi.c | 8 +++-----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index 72d499c..562f20f 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c
@@ -12598,6 +12598,10 @@ static const struct iw_priv_args we_private_args[] = {
     {   WE_DUMP_DP_TRACE_LEVEL,
         IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2,
         0, "dump_dp_trace"},
+    {
+        WLAN_PRIV_SET_FTIES,
+        IW_PRIV_TYPE_CHAR | MAX_FTIE_SIZE,
+        0, "set_ft_ies"},
 };
 
 
diff --git a/CORE/SME/src/sme_common/sme_FTApi.c b/CORE/SME/src/sme_common/sme_FTApi.c
index 26a7ef8..16b1f09 100644
--- a/CORE/SME/src/sme_common/sme_FTApi.c
+++ b/CORE/SME/src/sme_common/sme_FTApi.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2014, 2016 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2014, 2017 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -163,6 +163,7 @@ void sme_SetFTIEs(tHalHandle hHal, tANI_U32 sessionId, const tANI_U8 *ft_ies,
    {
       case eFT_START_READY:
       case eFT_AUTH_REQ_READY:
+         smsLog( pMac, LOG1, FL("ft_ies_length: %d"), ft_ies_length);
          if ((pSession->ftSmeContext.auth_ft_ies) &&
                (pSession->ftSmeContext.auth_ft_ies_length))
          {
@@ -171,7 +172,7 @@ void sme_SetFTIEs(tHalHandle hHal, tANI_U32 sessionId, const tANI_U8 *ft_ies,
             pSession->ftSmeContext.auth_ft_ies_length = 0;
             pSession->ftSmeContext.auth_ft_ies = NULL;
          }
-
+         ft_ies_length = MIN(ft_ies_length, MAX_FTIE_SIZE);
          // Save the FT IEs
          pSession->ftSmeContext.auth_ft_ies =
             vos_mem_malloc(ft_ies_length);
@@ -187,9 +188,6 @@ void sme_SetFTIEs(tHalHandle hHal, tANI_U32 sessionId, const tANI_U8 *ft_ies,
                ft_ies,ft_ies_length);
          pSession->ftSmeContext.FTState = eFT_AUTH_REQ_READY;
 
-#if defined WLAN_FEATURE_VOWIFI_11R_DEBUG
-         smsLog( pMac, LOG1, "ft_ies_length=%d", ft_ies_length);
-#endif
          break;
 
       case eFT_AUTH_COMPLETE:
-- 
cgit v1.1