From 681c310490e49adc43065d1d11006c5a5dc43568 Mon Sep 17 00:00:00 2001
From: Srinivas Girigowda
Date: Tue, 7 Jun 2016 08:51:34 -0700
Subject: qcacld-2.0: Validate CCXBEACONREQ IE fields
Validate CCXBEACONREQ IE fields.
Change-Id: Ie64a642abdd7923e91801186aa5743094a739fc9
CRs-Fixed: 1025185
---
 CORE/HDD/src/wlan_hdd_main.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
index b3e855a..bd5c69d 100644
--- a/CORE/HDD/src/wlan_hdd_main.c
+++ b/CORE/HDD/src/wlan_hdd_main.c
@@ -4201,7 +4201,8 @@ static VOS_STATUS hdd_parse_ese_beacon_req(tANI_U8 *pValue,
 tCsrEseBeaconReq *pEseBcnReq) {
 tANI_U8 *inPtr = pValue;
- int tempInt = 0;
+ uint8_t input = 0;
+ uint32_t tempInt = 0;
 int j = 0, i = 0, v = 0;
 char buf[32];
@@ -4224,11 +4225,11 @@ static VOS_STATUS hdd_parse_ese_beacon_req(tANI_U8 *pValue,
 v = sscanf(inPtr, "%31s ", buf);
 if (1 != v) return -EINVAL;
- v = kstrtos32(buf, 10, &tempInt);
+ v = kstrtou8(buf, 10, &input);
 if (v < 0) return -EINVAL;
- tempInt = VOS_MIN(tempInt, SIR_ESE_MAX_MEAS_IE_REQS);
- pEseBcnReq->numBcnReqIe = tempInt;
+ input = VOS_MIN(input, SIR_ESE_MAX_MEAS_IE_REQS);
+ pEseBcnReq->numBcnReqIe = input;
 hddLog(LOG1, "Number of Bcn Req Ie fields: %d", pEseBcnReq->numBcnReqIe);
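Review bot: In the second hunk a count above SIR_ESE_MAX_MEAS_IE_REQS is still clamped silently by `VOS_MIN` instead of being rejected, so a command that announces more IE entries than the driver supports is accepted and parsed as a shorter request. The per-field checks in the later hunks all fail with -EINVAL on an out-of-range value, and the count would be more consistent doing the same: `if (input > SIR_ESE_MAX_MEAS_IE_REQS) return -EINVAL;`. The log line prints the stored count with `%d`; `%u` would match if numBcnReqIe is an unsigned field, which is not visible here. The function body starts and ends outside the hunk.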
@@ -4249,24 +4250,24 @@ static VOS_STATUS hdd_parse_ese_beacon_req(tANI_U8 *pValue,
 v = sscanf(inPtr, "%31s ", buf);
 if (1 != v) return -EINVAL;
- v = kstrtos32(buf, 10, &tempInt);
+ v = kstrtou32(buf, 10, &tempInt);
 if (v < 0) return -EINVAL;
 switch (i) {
 case 0: /* Measurement token */
- if (tempInt <= 0) {
+ if (!tempInt) {
 VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
- "Invalid Measurement Token(%d)", tempInt);
+ "Invalid Measurement Token: %d", tempInt);
 return -EINVAL;
 }
 pEseBcnReq->bcnReq[j].measurementToken = tempInt;
 break;
 case 1: /* Channel number */
- if ((tempInt <= 0) ||
+ if ((!tempInt) ||
 (tempInt > WNI_CFG_CURRENT_CHANNEL_STAMAX)) {
 VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
- "Invalid Channel Number(%d)", tempInt);
+ "Invalid Channel Number: %d", tempInt);
 return -EINVAL;
 }
 pEseBcnReq->bcnReq[j].channel = tempInt;
@@ -4276,19 +4277,18 @@ static VOS_STATUS hdd_parse_ese_beacon_req(tANI_U8 *pValue,
 if ((tempInt < eSIR_PASSIVE_SCAN) || (tempInt > eSIR_BEACON_TABLE)) {
 VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
- "Invalid Scan Mode(%d) Expected{0|1|2}", tempInt);
+ "Invalid Scan Mode: %d Expected{0|1|2}", tempInt);
 return -EINVAL;
 }
 pEseBcnReq->bcnReq[j].scanMode= tempInt;
 break;
 case 3: /* Measurement duration */
- if (((tempInt <= 0) &&
+ if (((!tempInt) &&
 (pEseBcnReq->bcnReq[j].scanMode != eSIR_BEACON_TABLE)) ||
- ((tempInt < 0) &&
- (pEseBcnReq->bcnReq[j].scanMode == eSIR_BEACON_TABLE))) {
+ ((pEseBcnReq->bcnReq[j].scanMode == eSIR_BEACON_TABLE))) {
 VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
- "Invalid Measurement Duration(%d)", tempInt);
+ "Invalid Measurement Duration: %d", tempInt);
 return -EINVAL;
 }
 pEseBcnReq->bcnReq[j].measurementDuration = tempInt;
--
cgit v1.1
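Review bot: In the third hunk the measurement token is only checked for being non-zero before `pEseBcnReq->bcnReq[j].measurementToken = tempInt;`, while tempInt can now hold any 32-bit unsigned value. If measurementToken is narrower than 32 bits (its declaration is not in the hunk), a large input is truncated on assignment and could end up as 0 after having passed the `!tempInt` check; an upper-bound check sized to the field, placed before the assignment, would close that. The same applies to measurementDuration in the last hunk. Since tempInt is now uint32_t, the trace format strings should use `%u`, for example `"Invalid Measurement Token: %u"`.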
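Review bot: The rewritten duration check under `case 3` in the last hunk rejects every request whose scan mode is eSIR_BEACON_TABLE: the old second clause was `(tempInt < 0) && (scanMode == eSIR_BEACON_TABLE)`, and removing only the `tempInt < 0` half leaves `scanMode == eSIR_BEACON_TABLE` as a failure condition on its own. An unsigned tempInt can never be negative, so the whole clause should go, leaving `if ((!tempInt) && (pEseBcnReq->bcnReq[j].scanMode != eSIR_BEACON_TABLE)) {`. In the same hunk `tempInt < eSIR_PASSIVE_SCAN` looks always false for an unsigned tempInt if eSIR_PASSIVE_SCAN is 0, as the "Expected{0|1|2}" message suggests, so only the upper bound does any work there. The switch continues outside the hunk.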