Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
c75ac86118
DivestOS/Patches/Linux_CVEs/CVE-2016-2474/qcacld-2.0/0002.patch
Tad 529ce03a13 Fixup wireless patches
2017-11-07 18:55:10 -05:00

100 lines
4.0 KiB
Diff
Raw Blame History

From 681c310490e49adc43065d1d11006c5a5dc43568 Mon Sep 17 00:00:00 2001
From: Srinivas Girigowda <sgirigow@qca.qualcomm.com>
Date: Tue, 7 Jun 2016 08:51:34 -0700
Subject: qcacld-2.0: Validate CCXBEACONREQ IE fields
Validate CCXBEACONREQ IE fields.
Change-Id: Ie64a642abdd7923e91801186aa5743094a739fc9
CRs-Fixed: 1025185
---
CORE/HDD/src/wlan_hdd_main.c | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
index b3e855a..bd5c69d 100644
--- a/CORE/HDD/src/wlan_hdd_main.c
+++ b/CORE/HDD/src/wlan_hdd_main.c
@@ -4201,7 +4201,8 @@ static VOS_STATUS hdd_parse_ese_beacon_req(tANI_U8 *pValue,
tCsrEseBeaconReq *pEseBcnReq)
{
tANI_U8 *inPtr = pValue;
- int tempInt = 0;
+ uint8_t input = 0;
+ uint32_t tempInt = 0;
int j = 0, i = 0, v = 0;
char buf[32];
@@ -4224,11 +4225,11 @@ static VOS_STATUS hdd_parse_ese_beacon_req(tANI_U8 *pValue,
v = sscanf(inPtr, "%31s ", buf);
if (1 != v) return -EINVAL;
- v = kstrtos32(buf, 10, &tempInt);
+ v = kstrtou8(buf, 10, &input);
if (v < 0) return -EINVAL;
- tempInt = VOS_MIN(tempInt, SIR_ESE_MAX_MEAS_IE_REQS);
- pEseBcnReq->numBcnReqIe = tempInt;
+ input = VOS_MIN(input, SIR_ESE_MAX_MEAS_IE_REQS);
+ pEseBcnReq->numBcnReqIe = input;
hddLog(LOG1, "Number of Bcn Req Ie fields: %d", pEseBcnReq->numBcnReqIe);
@@ -4249,24 +4250,24 @@ static VOS_STATUS hdd_parse_ese_beacon_req(tANI_U8 *pValue,
v = sscanf(inPtr, "%31s ", buf);
if (1 != v) return -EINVAL;
- v = kstrtos32(buf, 10, &tempInt);
+ v = kstrtou32(buf, 10, &tempInt);
if (v < 0) return -EINVAL;
switch (i) {
case 0: /* Measurement token */
- if (tempInt <= 0) {
+ if (!tempInt) {
VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
- "Invalid Measurement Token(%d)", tempInt);
+ "Invalid Measurement Token: %d", tempInt);
return -EINVAL;
}
pEseBcnReq->bcnReq[j].measurementToken = tempInt;
break;
case 1: /* Channel number */
- if ((tempInt <= 0) ||
+ if ((!tempInt) ||
(tempInt > WNI_CFG_CURRENT_CHANNEL_STAMAX)) {
VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
- "Invalid Channel Number(%d)", tempInt);
+ "Invalid Channel Number: %d", tempInt);
return -EINVAL;
}
pEseBcnReq->bcnReq[j].channel = tempInt;
@@ -4276,19 +4277,18 @@ static VOS_STATUS hdd_parse_ese_beacon_req(tANI_U8 *pValue,
if ((tempInt < eSIR_PASSIVE_SCAN) ||
(tempInt > eSIR_BEACON_TABLE)) {
VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
- "Invalid Scan Mode(%d) Expected{0|1|2}", tempInt);
+ "Invalid Scan Mode: %d Expected{0|1|2}", tempInt);
return -EINVAL;
}
pEseBcnReq->bcnReq[j].scanMode= tempInt;
break;
case 3: /* Measurement duration */
- if (((tempInt <= 0) &&
+ if (((!tempInt) &&
(pEseBcnReq->bcnReq[j].scanMode != eSIR_BEACON_TABLE)) ||
- ((tempInt < 0) &&
- (pEseBcnReq->bcnReq[j].scanMode == eSIR_BEACON_TABLE))) {
+ ((pEseBcnReq->bcnReq[j].scanMode == eSIR_BEACON_TABLE))) {
VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
- "Invalid Measurement Duration(%d)", tempInt);
+ "Invalid Measurement Duration: %d", tempInt);
return -EINVAL;
}
pEseBcnReq->bcnReq[j].measurementDuration = tempInt;
--
cgit v1.1
Reference in New Issue View Git Blame Copy Permalink