[automerger] WNM: Fix WNM-Sleep Mode Request bounds checking am: 7a543744db am: 4069976836 am: 5049aa2d74 am: fa9a73bdd4
Change-Id: If28fbbdb4ead81c5de0f3afaf84ec74a07f472eb
diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
index 41d50ce..02daa9b 100644
--- a/src/ap/wnm_ap.c
+++ b/src/ap/wnm_ap.c
@@ -202,6 +202,13 @@
u8 *tfsreq_ie_end = NULL;
u16 tfsreq_ie_len = 0;
+ if (len < 1) {
+ wpa_printf(MSG_DEBUG,
+ "WNM: Ignore too short WNM-Sleep Mode Request from "
+ MACSTR, MAC2STR(addr));
+ return;
+ }
+
dialog_token = *pos++;
while (pos + 1 < frm + len) {
u8 ie_len = pos[1];
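Review bot: The loop condition left as context under the new guard, `while (pos + 1 < frm + len)`, forms a pointer beyond one-past-the-end when `len` is exactly 1, because `pos == frm + len` after the token read. The bounds test then depends on out-of-range pointer arithmetic. Comparing the remaining length avoids this, for example `while (frm + len - pos >= 2) {`. The added `len < 1` check only protects the `dialog_token` read. The function starts above the hunk and the loop body continues below it, so it is not visible here whether `ie_len` is validated against the bytes left before the element is used; if it is not, a check such as `if (ie_len > frm + len - pos - 2) break;` belongs directly after the `ie_len` read.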