Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 09e82e29 authored by Abhishek Ambure's avatar Abhishek Ambure Committed by Gerrit - the friendly Code Review server
Browse files

qcacld-3.0: Add max index check for dscp_to_up_map array 

In SME layer, boundary check for dscp_to_up_map array is not present.

The dscpmapping is an array of 0x40 elements. Values in dscp_exceptions
are used to index dscpmapping. The indices are not validated to be less
than 0x40. The dscp_exceptions array is received from association
response frame. A malicious AP can send values up to 0xff, causing OOB
write of dscpmapping array.

Hence, max index check is added to avoid OOB write of dscpmapping array.

Change-Id: I73526849677e867673fc0bd0024ed2b003e4f89e
CRs-Fixed: 2569764
parent 7564e615
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment