mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
42 lines
1.4 KiB
Diff
42 lines
1.4 KiB
Diff
From d541aecce07c65fee3ad3a4d900016e4d22f2b3d Mon Sep 17 00:00:00 2001
|
|
From: Karthik Jadala <karthikjk@codeaurora.org>
|
|
Date: Wed, 4 May 2016 11:15:45 +0530
|
|
Subject: qcacld-2.0: Fix buffer overwrite problem in CCXBEACONREQ
|
|
|
|
Set the number of IE fields to minimum of input data and
|
|
SIR_ESE_MAX_MEAS_IE_REQS.
|
|
Change-Id: Ie53cfec7872ab69530bbb8932f9f9e85fb319f92
|
|
CRs-Fixed: 993561
|
|
---
|
|
CORE/HDD/src/wlan_hdd_main.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
|
|
index c3e3786..4d5a86c 100644
|
|
--- a/CORE/HDD/src/wlan_hdd_main.c
|
|
+++ b/CORE/HDD/src/wlan_hdd_main.c
|
|
@@ -5530,17 +5530,17 @@ static VOS_STATUS hdd_parse_ese_beacon_req(tANI_U8 *pValue,
|
|
/*no argument followed by spaces*/
|
|
if ('\0' == *inPtr) return -EINVAL;
|
|
|
|
- /*getting the first argument ie measurement token*/
|
|
+ /*getting the first argument ie Number of IE fields*/
|
|
v = sscanf(inPtr, "%31s ", buf);
|
|
if (1 != v) return -EINVAL;
|
|
|
|
v = kstrtos32(buf, 10, &tempInt);
|
|
if ( v < 0) return -EINVAL;
|
|
|
|
+ tempInt = VOS_MIN(tempInt, SIR_ESE_MAX_MEAS_IE_REQS);
|
|
pEseBcnReq->numBcnReqIe = tempInt;
|
|
|
|
- VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO_HIGH,
|
|
- "Number of Bcn Req Ie fields(%d)", pEseBcnReq->numBcnReqIe);
|
|
+ hddLog(LOG1, "Number of Bcn Req Ie fields: %d", pEseBcnReq->numBcnReqIe);
|
|
|
|
for (j = 0; j < (pEseBcnReq->numBcnReqIe); j++)
|
|
{
|
|
--
|
|
cgit v1.1
|
|
|