[automerger] [wpa_supplicant] Fix security vulnerability wpa_supplicant/wnm_sta.c:376 am: 5e6e3f710f am: a80eaabb6b am: e2411dbf1e am: 24b4de62be am: d0d047b774 am: 14e95b5516 Change-Id: Icc8ba78773373eaaac38f6e1307e8ba351eb7fee

commit: 7157e499527a94c147b75f482ac828f58af1d6a9 [log] [tgz]
author: Hai Shalom <haishalom@google.com> Thu Mar 07 13:43:43 2019 -0800
committer: android-build-merger <android-build-merger@google.com> Thu Mar 07 13:43:43 2019 -0800
tree: efe59071d8bc4bed6fd44f1eee0176474870b764
parent: 09d78392c881cd5f0e3743825751d8636bd5ad2a [diff]
parent: 14e95b5516b052f9f6445ab7ec8f575891c85a61 [diff]
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index bd0b517..05b9f6c 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c

@@ -373,6 +373,10 @@
 		rep->preference_present = 1;
 		break;
 	case WNM_NEIGHBOR_BSS_TERMINATION_DURATION:
+		if (elen < 10) {
+			wpa_printf(MSG_DEBUG, "WNM: Too short bss_term_tsf");
+			break;
+		}
 		rep->bss_term_tsf = WPA_GET_LE64(pos);
 		rep->bss_term_dur = WPA_GET_LE16(pos + 8);
 		rep->bss_term_present = 1;
commit	7157e499527a94c147b75f482ac828f58af1d6a9	[log] [tgz]
author	Hai Shalom <haishalom@google.com>	Thu Mar 07 13:43:43 2019 -0800
committer	android-build-merger <android-build-merger@google.com>	Thu Mar 07 13:43:43 2019 -0800
tree	efe59071d8bc4bed6fd44f1eee0176474870b764
parent	09d78392c881cd5f0e3743825751d8636bd5ad2a [diff]
parent	14e95b5516b052f9f6445ab7ec8f575891c85a61 [diff]