authorDmitry Shmidt <dimitrysh@google.com>2014-06-10 16:07:13 -0700
committerDmitry Shmidt <dimitrysh@google.com>2014-06-10 16:07:13 -0700
commit09f57babfc1e4473db20ced4f58a4c9f082c8ed8 (patch)
tree481e7769580e2b922cbf6e8eb8b11aae077aa6ad /src/rsn_supp
parentb5d893b5dec601a58c3ce0fc9e5d6da3816ce97a (diff)
Cumulative patch from commit d3b204694a39e6c57a4c6689b87f4192e1b93a06
d3b2046 P2P: Make the default p2p_find delay value configurable 3dacd3e atheros: Add support for new GCMP/CCMP/CMAC/GMAC cipher suites 737754d EAP-IKEv2: Remove obsolete ccns.pl project workarounds aa6bf6d eap_proxy: Check sm != NULL more consistently 4f4d51e TDLS: Add extra validation step for responder RSN IE length a01acc5 Check for EVENT_ASSOC data to be present for AP mode operation 1fde15a GAS server: Explicitly check that home realm is available aff0bee GAS server: Remove unused function parameter 86388af WPS: Check for theoretical gmtime() failure d75a5ae WPS ER: Fix UDN parser to handle missing field 0bbaa9b Validate driver extended capabilities length against buffer length 9c6c558 Interworking: Reject EAP configuration with unsupported inner method f2ca0e9 Check eap_get_name() return against NULL to silence static analyzer bc32bb7 Make a code path easier for static analyzers to understand fb958ea Check current_ssid on unexpected association event 2a57c33 Reserve QCA vendor specific nl80211 commands 20..33 84df167 nl80211: Add vendor attribute for interface index 9949483 The master branch is now used for v2.3 development Change-Id: Ib39c204aaa3ebcc909057f815e5e291e15e5df88 Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Diffstat (limited to 'src/rsn_supp')
-rw-r--r--src/rsn_supp/tdls.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index 3b146560..84b7c1be 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -2098,6 +2098,13 @@ static int wpa_tdls_process_tpk_m2(struct wpa_sm *sm, const u8 *src_addr,
wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE Received from TPK M2",
kde.rsn_ie, kde.rsn_ie_len);
+ if (kde.rsn_ie_len > TDLS_MAX_IE_LEN) {
+ wpa_printf(MSG_INFO,
+ "TDLS: Too long Responder RSN IE in TPK M2");
+ status = WLAN_STATUS_INVALID_RSNIE;
+ goto error;
+ }
+
/*
* FIX: bitwise comparison of RSN IE is not the correct way of
* validation this. It can be different, but certain fields must