aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGururaj Patil <gururaj.patil3@harman.com>2019-10-24 12:05:59 +0000
committerJeferson Oliveira <jroliveira.oliveira301@gmail.com>2021-08-17 21:06:20 +0200
commit59a70271f91b44045a264b4c87bd789ae412e4da (patch)
tree2f951424e072fbc088367f07f10c6fdaa81767a9
parent6643008fa3ecb459d7b6600d935b712bef86e07c (diff)
wlan: Avoid int overflow in csr_scan_save_preferred_network_found()
Add validation check on frameLength to avoid int overflow in csr_scan_save_preferred_network_found function. Change-Id: I6bcdfb757610152bc801d5134e62dd58629d1e81 CRs-Fixed: 2232358 Signed-off-by: Gururaj Patil <gururaj.patil3@harman.com>
Diffstat
-rw-r--r--drivers/staging/prima/CORE/SME/src/csr/csrApiScan.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/staging/prima/CORE/SME/src/csr/csrApiScan.c b/drivers/staging/prima/CORE/SME/src/csr/csrApiScan.c
index d24c4d13ffe..951197f2194 100644
--- a/drivers/staging/prima/CORE/SME/src/csr/csrApiScan.c
+++ b/drivers/staging/prima/CORE/SME/src/csr/csrApiScan.c
@@ -8435,6 +8435,13 @@ eHalStatus csrScanSavePreferredNetworkFound(tpAniSirGlobal pMac,
uLen = pPrefNetworkFoundInd->frameLength -
(SIR_MAC_HDR_LEN_3A + SIR_MAC_B_PR_SSID_OFFSET);
}
+ if (uLen > (UINT_MAX - sizeof(tCsrScanResult))) {
+ smsLog(pMac, LOGE,
+ FL("Incorrect len: %d, may leads to int overflow, uLen %d"),
+ pPrefNetworkFoundInd->frameLength, uLen);
+ vos_mem_vfree(pParsedFrame);
+ return eHAL_STATUS_FAILURE;
+ }
if (uLen > (UINT_MAX - sizeof(tCsrScanResult))) {
smsLog(pMac, LOGE, FL("Incorrect len: %d, may leads to int overflow, uLen %d"),
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 00:06:38 +0000