[automerger] [wpa_supplicant] Fix security vulnerability wpa_supplicant/wnm_sta.c:376 am: 5e6e3f710f am: a80eaabb6b am: e2411dbf1e am: 24b4de62be Change-Id: If51dd0621110119e2ed9fd61840fb63e5717b12d

commit: d0d047b774853108d740e9eafacfef7d24b891de [log] [tgz]
author: Android Build Merger (Role) <noreply-android-build-merger@google.com> Thu Mar 07 03:11:59 2019 +0000
committer: Android Build Merger (Role) <noreply-android-build-merger@google.com> Thu Mar 07 03:11:59 2019 +0000
tree: a545450c7ecde27e857099e0257b85c17d891e2e
parent: 1e6bb5fda6b5f977e604dc59c620a9b894a7a992 [diff]
parent: 24b4de62be70920332bc7c0e1ba5635715863998 [diff]
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 7dc1909..63a87af 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c

@@ -372,6 +372,10 @@
 		rep->preference_present = 1;
 		break;
 	case WNM_NEIGHBOR_BSS_TERMINATION_DURATION:
+		if (elen < 10) {
+			wpa_printf(MSG_DEBUG, "WNM: Too short bss_term_tsf");
+			break;
+		}
 		rep->bss_term_tsf = WPA_GET_LE64(pos);
 		rep->bss_term_dur = WPA_GET_LE16(pos + 8);
 		rep->bss_term_present = 1;
commit	d0d047b774853108d740e9eafacfef7d24b891de	[log] [tgz]
author	Android Build Merger (Role) <noreply-android-build-merger@google.com>	Thu Mar 07 03:11:59 2019 +0000
committer	Android Build Merger (Role) <noreply-android-build-merger@google.com>	Thu Mar 07 03:11:59 2019 +0000
tree	a545450c7ecde27e857099e0257b85c17d891e2e
parent	1e6bb5fda6b5f977e604dc59c620a9b894a7a992 [diff]
parent	24b4de62be70920332bc7c0e1ba5635715863998 [diff]