Diffstat (limited to 'CORE/HDD/src/wlan_hdd_p2p.c')
-rw-r--r--CORE/HDD/src/wlan_hdd_p2p.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/CORE/HDD/src/wlan_hdd_p2p.c b/CORE/HDD/src/wlan_hdd_p2p.c
index dfb908351..90d98da8c 100644
--- a/CORE/HDD/src/wlan_hdd_p2p.c
+++ b/CORE/HDD/src/wlan_hdd_p2p.c
@@ -2762,6 +2762,7 @@ void __hdd_indicate_mgmt_frame(hdd_adapter_t *pAdapter,
/* Get pAdapter from Destination mac address of the frame */
if ((type == SIR_MAC_MGMT_FRAME) &&
(subType != SIR_MAC_MGMT_PROBE_REQ) &&
+ (nFrameLength > WLAN_HDD_80211_FRM_DA_OFFSET + VOS_MAC_ADDR_SIZE) &&
!vos_is_macaddr_broadcast(
(v_MACADDR_t *)&pbFrames[WLAN_HDD_80211_FRM_DA_OFFSET]))
{
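Review bot: A management frame too short to hold the destination address is not dropped by the added length test; the condition is simply false, so the lookup is skipped and the function carries on with the pAdapter the caller passed in. Whether every later read of pbFrames is bounded cannot be confirmed from this hunk, because the body of __hdd_indicate_mgmt_frame continues outside it. Rejecting the truncated frame before this `if` would be easier to audit, for example `if (nFrameLength < WLAN_HDD_80211_FRM_DA_OFFSET + VOS_MAC_ADDR_SIZE) return;`, provided dropping is the intended handling for all frame types reaching this point. The added test also uses `>`, which demands one byte more than the address read needs; `>=` is the exact bound.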
@@ -2832,12 +2833,16 @@ void __hdd_indicate_mgmt_frame(hdd_adapter_t *pAdapter,
cfgState = WLAN_HDD_GET_CFG_STATE_PTR( pAdapter );
if ((type == SIR_MAC_MGMT_FRAME) &&
- (subType == SIR_MAC_MGMT_ACTION))
+ (subType == SIR_MAC_MGMT_ACTION) &&
+ (nFrameLength > WLAN_HDD_PUBLIC_ACTION_FRAME_OFFSET + 1))
{
if(pbFrames[WLAN_HDD_PUBLIC_ACTION_FRAME_OFFSET] == WLAN_HDD_PUBLIC_ACTION_FRAME)
{
// public action frame
- if((pbFrames[WLAN_HDD_PUBLIC_ACTION_FRAME_OFFSET+1] == SIR_MAC_ACTION_VENDOR_SPECIFIC) &&
+ if((WLAN_HDD_PUBLIC_ACTION_FRAME_OFFSET + SIR_MAC_P2P_OUI_SIZE + 2 <
+ nFrameLength) &&
+ (pbFrames[WLAN_HDD_PUBLIC_ACTION_FRAME_OFFSET+1] ==
+ SIR_MAC_ACTION_VENDOR_SPECIFIC) &&
vos_mem_compare(&pbFrames[WLAN_HDD_PUBLIC_ACTION_FRAME_OFFSET+2], SIR_MAC_P2P_OUI, SIR_MAC_P2P_OUI_SIZE))
// P2P action frames
{
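Review bot: The two added bounds are hard to audit because they are written in opposite operand order (`nFrameLength > ... + 1` on the outer test, `... + 2 < nFrameLength` on the inner one) and use bare `+ 1` and `+ 2` with no word on which bytes they protect. The inner guard requires one byte beyond the range that vos_mem_compare reads (the compare ends at index `WLAN_HDD_PUBLIC_ACTION_FRAME_OFFSET + 2 + SIR_MAC_P2P_OUI_SIZE - 1`), presumably to cover a read inside the P2P branch, which continues outside this hunk. I would write both tests as `nFrameLength > ...` and add a comment such as `/* need category, action, the P2P OUI and the byte that follows it */` so an off-by-one in either direction is visible in review. Moving the length test into the outer `if` also means a short action frame now skips the whole action-frame block, which is worth confirming against the part of the block not shown here.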