From c18c5935d437e4b06ec630d755a42b49e11bd071 Mon Sep 17 00:00:00 2001
From: Jeff Johnson
Date: Thu, 15 Jun 2017 12:47:46 -0700
Subject: [PATCH] qcacld-2.0: Properly validate QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR
Currently the QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR nla_policy specifies a type of NLA_STRING, but the underlying implementation expects a NUL-terminated string. Update the policy to correctly use a type of NLA_NUL_STRING with the len updated to remove the allocation needed for the terminating NUL.
Bug: 37687303
Change-Id: Ic73241511ab73ae63fd7c1a8d6422da91931919c
CRs-Fixed: 2061688
---
drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c
index 1b5e4db3100c7..469ae96818cf4 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2016-2017 The Linux Foundation. All rights reserved.
 *
 * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
 *
@@ -38,8 +38,8 @@ static const struct nla_policy
 qca_wlan_vendor_ndp_policy[QCA_WLAN_VENDOR_ATTR_NDP_PARAMS_MAX + 1] = {
 [QCA_WLAN_VENDOR_ATTR_NDP_SUBCMD] = { .type = NLA_U32 },
 [QCA_WLAN_VENDOR_ATTR_NDP_TRANSACTION_ID] = { .type = NLA_U16 },
- [QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR] = { .type = NLA_STRING,
- .len = IFNAMSIZ },
+ [QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR] = { .type = NLA_NUL_STRING,
+ .len = IFNAMSIZ - 1 },
 [QCA_WLAN_VENDOR_ATTR_NDP_SERVICE_INSTANCE_ID] = { .type = NLA_U32 },
 [QCA_WLAN_VENDOR_ATTR_NDP_CHANNEL_SPEC_CHANNEL] = { .type = NLA_U32 },
 [QCA_WLAN_VENDOR_ATTR_NDP_PEER_DISCOVERY_MAC_ADDR] = {
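Review bot: The `.len = IFNAMSIZ - 1` on the QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR entry in the second hunk carries no comment explaining the minus one, which makes it easy for a later edit to put `IFNAMSIZ` back. For NLA_NUL_STRING the policy length is the maximum string length excluding the terminating NUL, so I would add above the entry `/* NLA_NUL_STRING: .len excludes the NUL, so the name fits an IFNAMSIZ buffer */`. The policy only protects handlers that parse with this table, and the code that reads the attribute is outside the hunk, so it is worth confirming that every reader goes through nla_parse() with qca_wlan_vendor_ndp_policy before treating nla_data() as a C string. An empty name (a lone NUL) presumably still passes this validation, so the handler should keep rejecting an interface lookup that fails. The initializer continues past the end of the hunk.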