Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b0f95f51 authored by gaurank kathpalia's avatar gaurank kathpalia Committed by Gerrit - the friendly Code Review server
Browse files

wlan: Fix OOB read in limProcessDeauthFrame 

Propagation from cld2.0 to prima
In the API limProcessDeauthFrame, the reason-code is
fetched from the payload, and it may happen that the
payload received is empty, and the MPDU just contains the
header, so the driver may access the memory not allocated
to the frame, thus resulting in a OOB read.

Fix is to have a min length check of 16 bits for the
reason code before accessing it.

Change-Id: I7e7a435ba049356c13fb10240f4abb9bf6219af4
CRs-Fixed: 2341590
parent a1869737
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment