mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-07-08 20:31:57 +00:00
75 lines
2.8 KiB
Diff
75 lines
2.8 KiB
Diff
From 954bdf216ce56a860092fd9549229b036e08c97b Mon Sep 17 00:00:00 2001
|
|
From: Ashish Kumar Dhanotiya <adhanoti@codeaurora.org>
|
|
Date: Tue, 13 Jun 2017 18:41:49 +0530
|
|
Subject: qcacld-2.0: Validate vendor command do_acs
|
|
|
|
Currently attributes are not validated in __wlan_hdd_cfg80211_do_acs,
|
|
this can lead to a buffer overread.
|
|
|
|
To resolve this issue, Define an nla_policy and validate the
|
|
attributes.
|
|
|
|
CRs-Fixed: 2058448
|
|
Change-Id: Ic1bd5abbef09407f925625b709f10cf9cb7c3d7f
|
|
---
|
|
CORE/HDD/src/wlan_hdd_cfg80211.c | 27 +++++++++++++--------------
|
|
1 file changed, 13 insertions(+), 14 deletions(-)
|
|
|
|
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
|
|
index 2ec3d68..c87f7c0 100644
|
|
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
|
|
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
|
|
@@ -9170,9 +9170,20 @@ static void
|
|
wlan_hdd_set_mcc_to_scc_switch(hdd_adapter_t *adapter)
|
|
{}
|
|
#endif
|
|
+static const struct nla_policy
|
|
+wlan_hdd_cfg80211_do_acs_policy[QCA_WLAN_VENDOR_ATTR_ACS_MAX+1] = {
|
|
+ [QCA_WLAN_VENDOR_ATTR_ACS_HW_MODE] = { .type = NLA_U8 },
|
|
+ [QCA_WLAN_VENDOR_ATTR_ACS_HT_ENABLED] = { .type = NLA_FLAG },
|
|
+ [QCA_WLAN_VENDOR_ATTR_ACS_HT40_ENABLED] = { .type = NLA_FLAG },
|
|
+ [QCA_WLAN_VENDOR_ATTR_ACS_VHT_ENABLED] = { .type = NLA_FLAG },
|
|
+ [QCA_WLAN_VENDOR_ATTR_ACS_CHWIDTH] = { .type = NLA_U16 },
|
|
+ [QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST] = { .type = NLA_UNSPEC },
|
|
+};
|
|
+
|
|
|
|
/**
|
|
- * __wlan_hdd_cfg80211_do_acs : CFG80211 handler fucntion for DO_ACS Vendor CMD
|
|
+ * __wlan_hdd_cfg80211_do_acs() : CFG80211 handler fucntion for DO_ACS
|
|
+ * Vendor CMD
|
|
* @wiphy: Linux wiphy struct pointer
|
|
* @wdev: Linux wireless device struct pointer
|
|
* @data: ACS information from hostapd
|
|
@@ -9216,18 +9227,6 @@ static int __wlan_hdd_cfg80211_do_acs(struct wiphy *wiphy,
|
|
* config shall be set only from start_acs.
|
|
*/
|
|
|
|
- /* nla_policy Policy template. Policy not applied as some attributes are
|
|
- * optional and QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST has variable length
|
|
- *
|
|
- * [QCA_WLAN_VENDOR_ATTR_ACS_HW_MODE] = { .type = NLA_U8 },
|
|
- * [QCA_WLAN_VENDOR_ATTR_ACS_HT_ENABLED] = { .type = NLA_FLAG },
|
|
- * [QCA_WLAN_VENDOR_ATTR_ACS_HT40_ENABLED] = { .type = NLA_FLAG },
|
|
- * [QCA_WLAN_VENDOR_ATTR_ACS_VHT_ENABLED] = { .type = NLA_FLAG },
|
|
- * [QCA_WLAN_VENDOR_ATTR_ACS_CHWIDTH] = { .type = NLA_U16 },
|
|
- * [QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST] = { .type = NLA_NESTED },
|
|
- */
|
|
-
|
|
-
|
|
status = wlan_hdd_validate_context(hdd_ctx);
|
|
if (0 != status)
|
|
return status;
|
|
@@ -9257,7 +9256,7 @@ static int __wlan_hdd_cfg80211_do_acs(struct wiphy *wiphy,
|
|
vos_mem_zero(&sap_config->acs_cfg, sizeof(struct sap_acs_cfg));
|
|
|
|
status = nla_parse(tb, QCA_WLAN_VENDOR_ATTR_ACS_MAX, data, data_len,
|
|
- NULL);
|
|
+ wlan_hdd_cfg80211_do_acs_policy);
|
|
if (status) {
|
|
hddLog(VOS_TRACE_LEVEL_ERROR, FL("Invalid ATTR"));
|
|
goto out;
|
|
--
|
|
cgit v1.1
|
|
|