Supplicant: Add bound check for pmk length and serialized data
When PMK length in setPmkCacheInternal() function deserializes the
input PMK bytes to supplicant rsn_pmk_cache_entry without checking
the input PMK length along with size of input PMK bytes, it results
in an Out-of-Bounds write memory access, causing memory corruption.
Fixes:
1. Adding check for invalid pmk length.
2. A specific size check is added in deserializePmkCacheEntry()
function, where we are checking size of serializedEntry to the size
of rsn_pmksa_cache_entry structure. If it is less, the invalid input
is rejected and an error message is returned.
Change-Id: I8e80734820e51b018ac63a7bfd5674482be958ee
Bug: 263834889
Test: Manual - connect/disconnect with WPA3 AP and confirmed
that open authentication with PMK cache works.
2 files changed