Address a buffer overflow in
slsi_add_to_scan_list.
SCSC-Bug-Id: HOST-12608
Signed-off-by: Sushant Butta <b.sushant@samsung.com>
Change-Id: Ic938f40bbc2570f5565e2e596a732e1de93c8094
Signed-off-by: Youngsoo Kim <youngss.kim@samsung.com>
#endif
scan_ssid = cfg80211_find_ie(WLAN_EID_SSID, mgmt->u.probe_resp.variable, ie_len);
+
+ if (scan_ssid && scan_ssid[1] && scan_ssid[1] > IEEE80211_MAX_SSID_LEN) {
+ SLSI_NET_ERR(dev, "Dropping scan result due to unexpected ssid length(%d)\n", scan_ssid[1]);
+ slsi_kfree_skb(skb);
+ return;
+ }
+
if (scan_ssid && scan_ssid[1] && ((ie_len - (scan_ssid - mgmt->u.probe_resp.variable) + 2) < scan_ssid[1])) {
+ SLSI_NET_ERR(dev, "Dropping scan result due to skb data is less than ssid len(%d)\n", scan_ssid[1]);
slsi_kfree_skb(skb);
return;
}
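Review bot: The truncation check that now carries the second log line looks off by four bytes: it adds 2 to the remaining length where the two-byte element header should be subtracted, so an SSID element whose payload runs up to four bytes past `ie_len` would not be rejected by it. If `cfg80211_find_ie()` in this kernel already refuses elements that do not fit, the branch is effectively dead and could be dropped; otherwise compare end pointers instead, `if (scan_ssid && scan_ssid + 2 + scan_ssid[1] > mgmt->u.probe_resp.variable + ie_len) {`. In the added guard, `scan_ssid[1] &&` is redundant next to `scan_ssid[1] > IEEE80211_MAX_SSID_LEN`. Both messages are reachable from frames received over the air, so a rate-limited log call would be preferable if `SLSI_NET_ERR` is not already rate limited. The enclosing function starts and ends outside the hunk.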
#define SCSC_RELEASE_ITERATION 17
#define SCSC_RELEASE_CANDIDATE 1
-#define SCSC_RELEASE_POINT 0
+#define SCSC_RELEASE_POINT 1
#endif