From 7f60f02336d5506aeb81c5fec9e213f729fb83e6 Mon Sep 17 00:00:00 2001
From: Srinivas Girigowda <sgirigow@codeaurora.org>
Date: Thu, 25 May 2017 15:12:16 -0700
Subject: [PATCH] qcacld-2.0: Add lost AP sample size entry to nla policy

Incorrect validation of
QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE
results in assigning an unchecked user-controller value.
This can lead to buffer overflow.

validate
  QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE.

CRs-Fixed: 2045470
Change-Id: I7c33b6d78054672e9effbe9100c29e5604c250c6
Bug: 36818198
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
---
 drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
index d5e63ef797c91..3580d2b73494b 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -852,6 +852,9 @@ wlan_hdd_extscan_config_policy[QCA_WLAN_VENDOR_ATTR_EXTSCAN_SUBCMD_CONFIG_PARAM_
     [QCA_WLAN_VENDOR_ATTR_EXTSCAN_SSID_THRESHOLD_PARAM_RSSI_LOW] = { .type = NLA_S32 },
     [QCA_WLAN_VENDOR_ATTR_EXTSCAN_SSID_THRESHOLD_PARAM_RSSI_HIGH] = { .type = NLA_S32 },
     [QCA_WLAN_VENDOR_ATTR_EXTSCAN_CONFIGURATION_FLAGS] = { .type = NLA_U32 },
+    [QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE] = {
+		.type = NLA_U32
+	},
 };
 
 static const struct nla_policy