[automerger] [wpa_supplicant] Fix security vulnerability wpa_supplicant/wnm_sta.c:376 am: 5e6e3f710f Change-Id: I053774f5456cdf76b9500c0d4294a23e193e1701

commit: a80eaabb6b7cb062efafb3cb710c713beb1f308f [log] [tgz]
author: Android Build Merger (Role) <noreply-android-build-merger@google.com> Thu Mar 07 03:11:56 2019 +0000
committer: Android Build Merger (Role) <noreply-android-build-merger@google.com> Thu Mar 07 03:11:56 2019 +0000
tree: a545450c7ecde27e857099e0257b85c17d891e2e
parent: cd27d5d7853976b73fcb558ecdace31c191c0b56 [diff]
parent: 5e6e3f710fd8f317f479fc9b7a5bfed1bef89f9f [diff]
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 7dc1909..63a87af 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c

@@ -372,6 +372,10 @@
 		rep->preference_present = 1;
 		break;
 	case WNM_NEIGHBOR_BSS_TERMINATION_DURATION:
+		if (elen < 10) {
+			wpa_printf(MSG_DEBUG, "WNM: Too short bss_term_tsf");
+			break;
+		}
 		rep->bss_term_tsf = WPA_GET_LE64(pos);
 		rep->bss_term_dur = WPA_GET_LE16(pos + 8);
 		rep->bss_term_present = 1;
commit	a80eaabb6b7cb062efafb3cb710c713beb1f308f	[log] [tgz]
author	Android Build Merger (Role) <noreply-android-build-merger@google.com>	Thu Mar 07 03:11:56 2019 +0000
committer	Android Build Merger (Role) <noreply-android-build-merger@google.com>	Thu Mar 07 03:11:56 2019 +0000
tree	a545450c7ecde27e857099e0257b85c17d891e2e
parent	cd27d5d7853976b73fcb558ecdace31c191c0b56 [diff]
parent	5e6e3f710fd8f317f479fc9b7a5bfed1bef89f9f [diff]