kernel_xiaomi_sm6150.git - kernel_xiaomi

diff options

author	Jyoti Kumari <jyotkuma@codeaurora.org>	2021-01-29 12:59:07 +0530
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2021-02-28 11:39:16 -0800
commit	604b6c26283524aef4669565f67b0219a5be5597 (patch)
tree	c2744e3d1354e9558b72e3f49b1314fc598f88a6 /tools/perf/scripts/python/export-to-sqlite.py
parent	ab1884728f3c23d9cd92d54959278d956a3be46a (diff)

qcacld-3.0: Fix integer underflow in assoc response frame

In func aead_decrypt_assoc_rsp(), it calls find_ie_data_after_fils_session_ie() to find IE pointer after FILS session IE from the frame payload. There is possibility of integer underflow if frame payload length is less than FIXED_PARAM_OFFSET_ASSOC_RSP which may increase value of buf_len variable in find_ie_data_after_fils_session_ie() and cause OOB during parsing process. Validate frame payload length with FIXED_PARAM_OFFSET_ASSOC_RSP, if it is less then return failure. Change-Id: I78fbcfeaa1058fcf2a6fe47cd5c26390b54974af CRs-Fixed: 2859024

Diffstat (limited to 'tools/perf/scripts/python/export-to-sqlite.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: