[automerger] [wpa_supplicant] Fix security vulnerability wpa_supplicant/wnm_sta.c:376 am: 5e6e3f710f am: a80eaabb6b am: e2411dbf1e am: 24b4de62be am: d0d047b774 am: 14e95b5516 am: 7157e49952 Change-Id: Ief1ee5441a068c943e78c9ad02921e28e2896479

commit: 695afc101c44dedbfb1b7bd60d0db0ea21bd4cdd [log] [tgz]
author: Hai Shalom <haishalom@google.com> Thu Mar 07 13:47:44 2019 -0800
committer: android-build-merger <android-build-merger@google.com> Thu Mar 07 13:47:44 2019 -0800
tree: e2cff1113a49963cdfb5d7ed59dc682718572442
parent: 28986b88cf48a634288f1550332a5da8f7382527 [diff]
parent: 7157e499527a94c147b75f482ac828f58af1d6a9 [diff]
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index bd0b517..05b9f6c 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c

@@ -373,6 +373,10 @@
 		rep->preference_present = 1;
 		break;
 	case WNM_NEIGHBOR_BSS_TERMINATION_DURATION:
+		if (elen < 10) {
+			wpa_printf(MSG_DEBUG, "WNM: Too short bss_term_tsf");
+			break;
+		}
 		rep->bss_term_tsf = WPA_GET_LE64(pos);
 		rep->bss_term_dur = WPA_GET_LE16(pos + 8);
 		rep->bss_term_present = 1;
commit	695afc101c44dedbfb1b7bd60d0db0ea21bd4cdd	[log] [tgz]
author	Hai Shalom <haishalom@google.com>	Thu Mar 07 13:47:44 2019 -0800
committer	android-build-merger <android-build-merger@google.com>	Thu Mar 07 13:47:44 2019 -0800
tree	e2cff1113a49963cdfb5d7ed59dc682718572442
parent	28986b88cf48a634288f1550332a5da8f7382527 [diff]
parent	7157e499527a94c147b75f482ac828f58af1d6a9 [diff]