Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
43e4a7035d
DivestOS/Patches/Linux_CVEs/CVE-2017-9714/ANY/1.patch
Tad 3989a1b20b Update Linux CVE patches
2017-10-29 22:14:37 -04:00

63 lines
3.1 KiB
Diff
Raw Blame History

From 822958b55703d8a3d7f7e2d9b1cd1736c9878a3b Mon Sep 17 00:00:00 2001
From: Kapil Gupta <kapgupta@codeaurora.org>
Date: Tue, 16 May 2017 12:39:54 +0530
Subject: [PATCH] qcacld-2.0: Drop assoc request if RSNIE/WPAIE parsing fail
Add changes to drop assoc request and return error if RSNIE or
WPAIE parsing fail during parsing of assoc request.
Bug: 63868020
CRs-Fixed: 2046578
Change-Id: I88d779399c2eba5d33c30144bf9600a1f3a00b77
Signed-off-by: Ecco Park <eccopark@google.com>
---
.../CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c | 23 ++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c b/drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c
index 4e7fbe2341811..5e2bb2dd04f2c 100644
--- a/drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c
+++ b/drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c
@@ -711,10 +711,18 @@ limProcessAssocReqFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo,
if(pAssocReq->rsn.length)
{
// Unpack the RSN IE
- dot11fUnpackIeRSN(pMac,
+ if (dot11fUnpackIeRSN(pMac,
&pAssocReq->rsn.info[0],
pAssocReq->rsn.length,
- &Dot11fIERSN);
+ &Dot11fIERSN) != DOT11F_PARSE_SUCCESS)
+ {
+ limLog(pMac, LOG1,
+ FL("Invalid RSNIE received"));
+ limSendAssocRspMgmtFrame(pMac,
+ eSIR_MAC_INVALID_RSN_IE_CAPABILITIES_STATUS,
+ 1, pHdr->sa, subType, 0,psessionEntry);
+ goto error;
+ }
/* Check RSN version is supported or not */
if(SIR_MAC_OUI_VERSION_1 == Dot11fIERSN.version)
@@ -780,10 +788,17 @@ limProcessAssocReqFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo,
// Unpack the WPA IE
if(pAssocReq->wpa.length)
{
- dot11fUnpackIeWPA(pMac,
+ if (dot11fUnpackIeWPA(pMac,
&pAssocReq->wpa.info[4], //OUI is not taken care
pAssocReq->wpa.length,
- &Dot11fIEWPA);
+ &Dot11fIEWPA) != DOT11F_PARSE_SUCCESS)
+ {
+ limLog(pMac, LOGE, FL("Invalid WPA IE"));
+ limSendAssocRspMgmtFrame(pMac,
+ eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS,
+ 1, pHdr->sa, subType, 0,psessionEntry);
+ goto error;
+ }
/* check the groupwise and pairwise cipher suites */
if(eSIR_SUCCESS != (status = limCheckRxWPAIeMatch(pMac, Dot11fIEWPA, psessionEntry, pAssocReq->HTCaps.present)))
{
Reference in New Issue View Git Blame Copy Permalink