Sarvesh Bodakhe cfea48c4e8 fix(wifi): Fix memory corruption by avoiding unncessary encryption (7caaffa9) ...

When wpa_supplicant sends an authentication response for an already
connection station (with keys installed after a successful 4-way
handshake), the Mgmt packet was encrypted unconditionaly based on
'bss->pmf_enable'. This lead to memory corruption since extra space for
the encryption header was assumed even when it was not there.

Fix this by verifying that the packet is actually a robust management
frame before enabling the encryption.

2025-12-14 19:23:18 +05:30

52 KiB

Raw History

View Raw