Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit e3216619 authored by Jyoti Kumari's avatar Jyoti Kumari Committed by Gerrit - the friendly Code Review server
Browse files

qcacmn: Fix OOB read issue in SSID ie 

During beacon or probe response, if channel is dfs && frame type
is MGMT_SUBTYPE_BEACON, it would call "util_scan_add_hidden_ssid"
to deal with the packet. If the ie id matches with SSID then OOB
read may occur in ie_len as it is validated with upper bound of
ie_ssid.

Validate the ie length first. If it is more than 0 then copy
memory to SSID which are equivalent to ie length.

Change-Id: Ib5e2ab7f6f3337d4c3e5c240e3133d8f276be50a
CRs-Fixed: 3007473
parent f0128c3e
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment