aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/tdls.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/tdls.c b/drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/tdls.c
index 743247d22..5d2dd0c96 100644
--- a/drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/tdls.c
+++ b/drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/tdls.c
@@ -4984,7 +4984,8 @@ VOID TdlsexRxFrameHandle(GLUE_INFO_T *prGlueInfo, UINT8 *pPkt, UINT16 u2PktLen)
switch (ucElmId) {
case ELEM_ID_HT_CAP: /* 0x2d */
/* backup the HT IE of 1st unhandled setup request frame */
- if (prGlueInfo->rTdlsHtCap.ucId == 0x00) {
+ if (prGlueInfo->rTdlsHtCap.ucId == 0x00 &&
+ ucElmLen <= sizeof(IE_HT_CAP_T) - 2) {
kalMemCopy(prGlueInfo->aucTdlsHtPeerMac, pucPeerMac, 6);
kalMemCopy(&prGlueInfo->rTdlsHtCap, pPkt - 2, ucElmLen + 2);
generated by cgit v1.2.3 (git 2.39.1) at 2026-03-14 14:53:18 +0000