added boundary check not to override allocated buffer.
Signed-off-by: Insun Song <insun.song@broadcom.com>
Change-Id: I76211db7ef595fc41cf5d5d58de79cedfe80e521
Bug:
32125310
Reviewed-on: http://git-master/r/
1478872
GVS: Gerrit_Virtual_Submit
Reviewed-by: Gagan Grover <ggrover@nvidia.com>
Tested-by: Sunny Li <sunnyl@nvidia.com>
Reviewed-by: Hayden Du <haydend@nvidia.com>
if (ie_id != DOT11_MNG_INTERWORKING_ID)
return BCME_UNSUPPORTED;
+ if (data_len > IW_IES_MAX_BUF_LEN) {
+ WL_ERR(("wrong data_len:%d\n", data_len));
+ return BCME_BADARG;
+ }
/* Validate the pktflag parameter */
if ((pktflag & ~(VNDR_IE_BEACON_FLAG | VNDR_IE_PRBRSP_FLAG |
VNDR_IE_ASSOCRSP_FLAG | VNDR_IE_AUTHRSP_FLAG |