Skip to content
Commit c2c5e1cf authored by Surya Prakash Sivaraj's avatar Surya Prakash Sivaraj
Browse files

qcacmn: Fix potential OOB read in util_scan_parse_mbssid()

If the length of the MBSSID IE is 0, then there is a potential
OOB read in util_scan_parse_mbssid(), when the Max BSSID indicator
field is accessed.

To fix this, do not proceed with MBSSID parsing if the length
of the MBSSID IE is zero.

Change-Id: I2c7a7641b77fed20a910cb77035588a7540caa62
CRs-Fixed: 3717567
parent 965a56b5
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment