Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 863e3057 authored by Abhishek Ambure's avatar Abhishek Ambure
Browse files

wlan: Add max index check for dscp_to_up_map array 

qcacld-3.0 to prima propagation.

In SME layer, boundary check for dscp_to_up_map array is not present.

The dscpmapping is an array of 0x40 elements. Values in dscp_exceptions
are used to index dscpmapping. The indices are not validated to be less
than 0x40. The dscp_exceptions array is received from association
response frame. A malicious AP can send values up to 0xff, causing OOB
write of dscpmapping array.

Hence, max index check is added to avoid OOB write of dscpmapping array.

Change-Id: I73526849677e867673fc0bd0024ed2b003e4f89e
CRs-Fixed: 2585141
parent f950e558
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment