Staging: rtl8723bs: rtw_wlan_util: Add size check of SSID IE (37073089) · Commits · 戴 / test

drivers/staging/rtl8723bs/core/rtw_wlan_util.c

+8 −14

Original line number	Diff line number	Diff line
		@@ -1271,13 +1271,13 @@ int rtw_check_bcn_info(struct adapter Adapter, u8 pframe, u32 packet_len)
		unsigned char *pbuf;
		u32 wpa_ielen = 0;
		u8 *pbssid = GetAddr3Ptr(pframe);
		u32 hidden_ssid = 0;
		struct HT_info_element *pht_info = NULL;
		struct rtw_ieee80211_ht_cap *pht_cap = NULL;
		u32 bcn_channel;
		unsigned short ht_cap_info;
		unsigned char ht_info_infos_0;
		struct mlme_priv *pmlmepriv = &Adapter->mlmepriv;
		int ssid_len;

		if (is_client_associated_to_ap(Adapter) == false)
		return true;
		@@ -1370,21 +1370,15 @@ int rtw_check_bcn_info(struct adapter Adapter, u8 pframe, u32 packet_len)
		}

		/* checking SSID */
		ssid_len = 0;
		p = rtw_get_ie(bssid->IEs + _FIXED_IE_LENGTH_, _SSID_IE_, &len, bssid->IELength - _FIXED_IE_LENGTH_);
		if (!p) {
		DBG_871X("%s marc: cannot find SSID for survey event\n", __func__);
		hidden_ssid = true;
		} else {
		hidden_ssid = false;
		}

		if ((NULL != p) && (false == hidden_ssid && (*(p + 1)))) {
		memcpy(bssid->Ssid.Ssid, (p + 2), *(p + 1));
		bssid->Ssid.SsidLength = *(p + 1);
		} else {
		bssid->Ssid.SsidLength = 0;
		bssid->Ssid.Ssid[0] = '\0';
		if (p) {
		ssid_len = *(p + 1);
		if (ssid_len > NDIS_802_11_LENGTH_SSID)
		ssid_len = 0;
		}
		memcpy(bssid->Ssid.Ssid, (p + 2), ssid_len);
		bssid->Ssid.SsidLength = ssid_len;

		RT_TRACE(_module_rtl871x_mlme_c_, _drv_info_, ("%s bssid.Ssid.Ssid:%s bssid.Ssid.SsidLength:%d "
		"cur_network->network.Ssid.Ssid:%s len:%d\n", __func__, bssid->Ssid.Ssid,