[automerger] WNM: Fix WNM-Sleep Mode Request bounds checking am: 7a543744db Change-Id: I5dff3d2d27866f6e8b353c22d04e75dcaa5aadf9

commit: 4069976836c09d0a67feac6de3d233ab99442623 [log] [tgz]
author: Android Build Merger (Role) <noreply-android-build-merger@google.com> Fri Nov 02 17:20:55 2018 +0000
committer: Android Build Merger (Role) <noreply-android-build-merger@google.com> Fri Nov 02 17:20:55 2018 +0000
tree: 76c86e5f600fb49046dc102bab77ff2dd2e99de2
parent: 172514b9254f1bc5c53a82b6d6ebb933e98be295 [diff]
parent: 7a543744db8ece2376b019040b5668ede68ebd8b [diff]
diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
index 41d50ce..02daa9b 100644
--- a/src/ap/wnm_ap.c
+++ b/src/ap/wnm_ap.c

@@ -202,6 +202,13 @@
 	u8 *tfsreq_ie_end = NULL;
 	u16 tfsreq_ie_len = 0;
 
+	if (len < 1) {
+		wpa_printf(MSG_DEBUG,
+			   "WNM: Ignore too short WNM-Sleep Mode Request from "
+			   MACSTR, MAC2STR(addr));
+		return;
+	}
+
 	dialog_token = *pos++;
 	while (pos + 1 < frm + len) {
 		u8 ie_len = pos[1];
commit	4069976836c09d0a67feac6de3d233ab99442623	[log] [tgz]
author	Android Build Merger (Role) <noreply-android-build-merger@google.com>	Fri Nov 02 17:20:55 2018 +0000
committer	Android Build Merger (Role) <noreply-android-build-merger@google.com>	Fri Nov 02 17:20:55 2018 +0000
tree	76c86e5f600fb49046dc102bab77ff2dd2e99de2
parent	172514b9254f1bc5c53a82b6d6ebb933e98be295 [diff]
parent	7a543744db8ece2376b019040b5668ede68ebd8b [diff]