mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-17 02:17:23 -05:00
110 lines
4.1 KiB
Diff
110 lines
4.1 KiB
Diff
From 42a28a93ef19863c39ade86843efb83efc845344 Mon Sep 17 00:00:00 2001
|
|
From: Ravi Kumar Bokka <brkum@codeaurora.org>
|
|
Date: Mon, 12 Jun 2017 21:34:30 +0530
|
|
Subject: [PATCH] qcacld-2.0: Validate vendor set roaming params command
|
|
|
|
Currently there is no nl policy defined for vendor sub command
|
|
QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX which may result in
|
|
buffer overread error.
|
|
|
|
To resolve this, add nl policy.
|
|
|
|
Bug: 36816726
|
|
Change-Id: Ib5d3c34dbcec29a98766753efc4e9c4ecf748c2e
|
|
CRs-Fixed: 2059701
|
|
Signed-off-by: Ecco Park <eccopark@google.com>
|
|
---
|
|
.../qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c | 51 ++++++++++++++++++++--
|
|
1 file changed, 47 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
|
|
index b788566363d87..5ca269bab9cf6 100644
|
|
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
|
|
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
|
|
@@ -1809,6 +1809,49 @@ wlan_hdd_cfg80211_get_concurrency_matrix(struct wiphy *wiphy,
|
|
return ret;
|
|
}
|
|
|
|
+#define MAX_ROAMING_PARAM \
|
|
+ QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX
|
|
+
|
|
+static const struct nla_policy
|
|
+wlan_hdd_set_roam_param_policy[MAX_ROAMING_PARAM + 1] = {
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_SUBCMD] = {.type = NLA_U32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_REQ_ID] = {.type = NLA_U32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_WHITE_LIST_SSID_NUM_NETWORKS] = {
|
|
+ .type = NLA_U32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_WHITE_LIST_SSID_LIST] = {
|
|
+ .type = NLA_U32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_WHITE_LIST_SSID] = {
|
|
+ .type = NLA_U32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_A_BAND_BOOST_THRESHOLD] = {
|
|
+ .type = NLA_S32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_A_BAND_PENALTY_THRESHOLD] = {
|
|
+ .type = NLA_S32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_A_BAND_BOOST_FACTOR] = {
|
|
+ .type = NLA_U32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_A_BAND_PENALTY_FACTOR] = {
|
|
+ .type = NLA_U32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_A_BAND_MAX_BOOST] = {
|
|
+ .type = NLA_U32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_LAZY_ROAM_HISTERESYS] = {
|
|
+ .type = NLA_S32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_ALERT_ROAM_RSSI_TRIGGER] = {
|
|
+ .type = NLA_U32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_LAZY_ROAM_ENABLE] = {
|
|
+ .type = NLA_S32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_LAZY_ROAM_NUM_BSSID] = {
|
|
+ .type = NLA_U32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_LAZY_ROAM_BSSID] = {
|
|
+ .type = NLA_BINARY,
|
|
+ .len = MAC_ADDRESS_STR_LEN},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_LAZY_ROAM_RSSI_MODIFIER] = {
|
|
+ .type = NLA_U32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS_NUM_BSSID] = {
|
|
+ .type = NLA_U32},
|
|
+ [QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS_BSSID] = {
|
|
+ .type = NLA_BINARY,
|
|
+ .len = MAC_ADDRESS_STR_LEN},
|
|
+};
|
|
+
|
|
static int
|
|
__wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
|
|
struct wireless_dev *wdev,
|
|
@@ -1840,7 +1883,7 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
|
|
|
|
if (nla_parse(tb, QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX,
|
|
data, data_len,
|
|
- NULL)) {
|
|
+ wlan_hdd_set_roam_param_policy)) {
|
|
hddLog(LOGE, FL("Invalid ATTR"));
|
|
return -EINVAL;
|
|
}
|
|
@@ -1869,7 +1912,7 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
|
|
if (nla_parse(tb2,
|
|
QCA_WLAN_VENDOR_ATTR_ROAM_SUBCMD_MAX,
|
|
nla_data(curr_attr), nla_len(curr_attr),
|
|
- NULL)) {
|
|
+ wlan_hdd_set_roam_param_policy)) {
|
|
hddLog(LOGE, FL("nla_parse failed"));
|
|
goto fail;
|
|
}
|
|
@@ -2024,7 +2067,7 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
|
|
if (nla_parse(tb2,
|
|
QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX,
|
|
nla_data(curr_attr), nla_len(curr_attr),
|
|
- NULL)) {
|
|
+ wlan_hdd_set_roam_param_policy)) {
|
|
hddLog(LOGE, FL("nla_parse failed"));
|
|
goto fail;
|
|
}
|
|
@@ -2086,7 +2129,7 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
|
|
if (nla_parse(tb2,
|
|
QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX,
|
|
nla_data(curr_attr), nla_len(curr_attr),
|
|
- NULL)) {
|
|
+ wlan_hdd_set_roam_param_policy)) {
|
|
hddLog(LOGE, FL("nla_parse failed"));
|
|
goto fail;
|
|
}
|