
Commit bfedabab authored by Jyoti Kumari, committed by Gerrit - the friendly Code Review server

qcacmn: Fix out of bound read issue in ESP ie parse

During esp ie parse from beacon/probe response, the data pointer
is getting read from esp ie and it's not validated while updating
to esp params which may cause out of bound read issue.

Validate data pointer before updating to esp params.

Change-Id: I1167b82248613cc65fcd7c70cdcfe57595de6b21
CRs-Fixed: 2842234
parent 4f65c1ab
+3 −2
/*
 * Copyright (c) 2017-2020 The Linux Foundation. All rights reserved.
 * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
@@ -1165,7 +1165,8 @@ static void util_scan_update_esp_data(struct wlan_esp_ie *esp_information,
		return;
	}

	for (i = 0; i < total_elements; i++) {
	for (i = 0; i < total_elements &&
	     data < ((uint8_t *)esp_ie + esp_ie->esp_len + 3); i++) {
		esp_info = (struct wlan_esp_info *)data;
		if (esp_info->access_category == ESP_AC_BK) {
			qdf_mem_copy(&esp_information->esp_info_AC_BK,
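
Review bot: The new loop condition `data < ((uint8_t *)esp_ie + esp_ie->esp_len + 3)` only proves that the first byte at `data` lies inside the element, yet the loop body casts `data` to `struct wlan_esp_info *`, reads `access_category` and copies from it with `qdf_mem_copy`, so a truncated final entry can still be read past the end of the IE. Bound the end of the access rather than its start, for example `data + sizeof(struct wlan_esp_info) <= end`, with `end` computed once before the loop. The constant `3` is also unexplained in these lines; a named macro or a short comment stating which header bytes it accounts for would let a reader check the bound against what `esp_len` counts.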