authorInsun Song <insun.song@broadcom.com>2017-04-21 14:45:12 -0700
committerEcco Park <eccopark@google.com>2017-05-04 16:28:22 -0700
commitf57fbe161190c2910c349b2b3af0b9b27c6a1c91 (patch)
treed2851f140c2761e2a215c74868c7a79401bab94a
parent66d82546960bb2408e1aa31856a3f9a6a400681f (diff)
downloadwlan-f57fbe161190c2910c349b2b3af0b9b27c6a1c91.tar.gz
net: wireless: bcmdhd: adding bssid count NL attribute in SWC config
Add a new NL attribute item which contains the SWC BSSID count. This helps the kernel driver know the count early, before parsing the whole NL buffer, and sort out security vulnerability cases where a malicious buffer is injected. Signed-off-by: Insun Song <insun.song@broadcom.com> Bug: 34973477 Change-Id: I1db053e722876e4b97d8f25fdc881279fa467bf6
-rw-r--r--bcmdhd/wifi_hal/gscan.cpp48
1 files changed, 28 insertions, 20 deletions
diff --git a/bcmdhd/wifi_hal/gscan.cpp b/bcmdhd/wifi_hal/gscan.cpp
index 07155e2..73bfe8c 100644
--- a/bcmdhd/wifi_hal/gscan.cpp
+++ b/bcmdhd/wifi_hal/gscan.cpp
@@ -1436,30 +1436,38 @@ public:
if (result < 0) {
return result;
}
-
- struct nlattr * attr = request.attr_start(GSCAN_ATTRIBUTE_SIGNIFICANT_CHANGE_BSSIDS);
-
- for (int i = 0; i < mParams.num_bssid; i++) {
- nlattr *attr2 = request.attr_start(i);
- if (attr2 == NULL) {
+ result = request.put_u16(GSCAN_ATTRIBUTE_NUM_BSSID, mParams.num_bssid);
+ if (result < 0) {
+ return result;
+ }
+ if (mParams.num_bssid != 0) {
+ nlattr* attr = request.attr_start(GSCAN_ATTRIBUTE_SIGNIFICANT_CHANGE_BSSIDS);
+ if (attr == NULL) {
return WIFI_ERROR_OUT_OF_MEMORY;
}
- result = request.put_addr(GSCAN_ATTRIBUTE_BSSID, mParams.ap[i].bssid);
- if (result < 0) {
- return result;
- }
- result = request.put_u8(GSCAN_ATTRIBUTE_RSSI_HIGH, mParams.ap[i].high);
- if (result < 0) {
- return result;
- }
- result = request.put_u8(GSCAN_ATTRIBUTE_RSSI_LOW, mParams.ap[i].low);
- if (result < 0) {
- return result;
+
+ for (int i = 0; i < mParams.num_bssid; i++) {
+ nlattr* attr2 = request.attr_start(i);
+ if (attr2 == NULL) {
+ return WIFI_ERROR_OUT_OF_MEMORY;
+ }
+ result = request.put_addr(GSCAN_ATTRIBUTE_BSSID, mParams.ap[i].bssid);
+ if (result < 0) {
+ return result;
+ }
+ result = request.put_u8(GSCAN_ATTRIBUTE_RSSI_HIGH, mParams.ap[i].high);
+ if (result < 0) {
+ return result;
+ }
+ result = request.put_u8(GSCAN_ATTRIBUTE_RSSI_LOW, mParams.ap[i].low);
+ if (result < 0) {
+ return result;
+ }
+ request.attr_end(attr2);
}
- request.attr_end(attr2);
- }
- request.attr_end(attr);
+ request.attr_end(attr);
+ }
request.attr_end(data);
return result;
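Review bot: `mParams.num_bssid` is written with `put_u16(GSCAN_ATTRIBUTE_NUM_BSSID, ...)` and then used as the `int` loop bound and index into `mParams.ap[i]`, but no range check on it is visible in this hunk. If the value is negative or above 65535, the count attribute is truncated and no longer matches the number of nested entries, which is the mismatch the driver is meant to detect from this attribute. If it exceeds the capacity of `mParams.ap`, the loop also reads past the array while building the request. I would validate it before the `put_u16` call, for example `if (mParams.num_bssid < 0 || mParams.num_bssid > (int)MAX_SIGNIFICANT_CHANGE_APS) return WIFI_ERROR_INVALID_ARGS;`, assuming `MAX_SIGNIFICANT_CHANGE_APS` is still the bound of `ap[]`. The enclosing function starts and ends outside the hunk, so an earlier check may already exist; if so, a short comment at the `put_u16` line saying where the bound is enforced would help.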