[automerger] [wpa_supplicant] Fix security vulnerability wpa_supplicant/wnm_sta.c:376 am: 5e6e3f710f am: a80eaabb6b am: e2411dbf1e am: 24b4de62be am: d0d047b774 am: 14e95b5516 am: 7157e49952 am: 695afc101c am: 8a6c2503ce Change-Id: I69ccf50227c34878853da241852ef7fdde6594f2

commit: 39dbb0b8a19d1626e7c0b4c536b9e001113cba2c [log] [tgz]
author: Hai Shalom <haishalom@google.com> Thu Mar 07 13:59:54 2019 -0800
committer: android-build-merger <android-build-merger@google.com> Thu Mar 07 13:59:54 2019 -0800
tree: 988e10cfa96267095717752097bd4c1492d5b4c6
parent: 4f65da7e0122cd80d1b16f68ec476821cc364482 [diff]
parent: 8a6c2503ce9ff19c4d92d40be4a5a65989166ca2 [diff]
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 28346ea..3e27f0c 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c

@@ -373,6 +373,10 @@
 		rep->preference_present = 1;
 		break;
 	case WNM_NEIGHBOR_BSS_TERMINATION_DURATION:
+		if (elen < 10) {
+			wpa_printf(MSG_DEBUG, "WNM: Too short bss_term_tsf");
+			break;
+		}
 		rep->bss_term_tsf = WPA_GET_LE64(pos);
 		rep->bss_term_dur = WPA_GET_LE16(pos + 8);
 		rep->bss_term_present = 1;
commit	39dbb0b8a19d1626e7c0b4c536b9e001113cba2c	[log] [tgz]
author	Hai Shalom <haishalom@google.com>	Thu Mar 07 13:59:54 2019 -0800
committer	android-build-merger <android-build-merger@google.com>	Thu Mar 07 13:59:54 2019 -0800
tree	988e10cfa96267095717752097bd4c1492d5b4c6
parent	4f65da7e0122cd80d1b16f68ec476821cc364482 [diff]
parent	8a6c2503ce9ff19c4d92d40be4a5a65989166ca2 [diff]