diff options
author | Insun Song <insun.song@broadcom.com> | 2017-04-21 14:45:12 -0700 |
---|---|---|
committer | Ecco Park <eccopark@google.com> | 2017-05-04 16:28:22 -0700 |
commit | f57fbe161190c2910c349b2b3af0b9b27c6a1c91 (patch) | |
tree | d2851f140c2761e2a215c74868c7a79401bab94a | |
parent | 66d82546960bb2408e1aa31856a3f9a6a400681f (diff) | |
download | wlan-f57fbe161190c2910c349b2b3af0b9b27c6a1c91.tar.gz |
net: wireless: bcmdhd: adding bssid count NL attribute in SWC config
adding new NL attribute item which contain SWC BSSIDs count. This help for
kernel driver to know it early before parsing whole NL buffer. and sort
out security vulnerability cases where malicious buffer injected.
Signed-off-by: Insun Song <insun.song@broadcom.com>
Bug: 34973477
Change-Id: I1db053e722876e4b97d8f25fdc881279fa467bf6
-rw-r--r-- | bcmdhd/wifi_hal/gscan.cpp | 48 |
1 files changed, 28 insertions, 20 deletions
diff --git a/bcmdhd/wifi_hal/gscan.cpp b/bcmdhd/wifi_hal/gscan.cpp index 07155e2..73bfe8c 100644 --- a/bcmdhd/wifi_hal/gscan.cpp +++ b/bcmdhd/wifi_hal/gscan.cpp @@ -1436,30 +1436,38 @@ public: if (result < 0) { return result; } - - struct nlattr * attr = request.attr_start(GSCAN_ATTRIBUTE_SIGNIFICANT_CHANGE_BSSIDS); - - for (int i = 0; i < mParams.num_bssid; i++) { - nlattr *attr2 = request.attr_start(i); - if (attr2 == NULL) { + result = request.put_u16(GSCAN_ATTRIBUTE_NUM_BSSID, mParams.num_bssid); + if (result < 0) { + return result; + } + if (mParams.num_bssid != 0) { + nlattr* attr = request.attr_start(GSCAN_ATTRIBUTE_SIGNIFICANT_CHANGE_BSSIDS); + if (attr == NULL) { return WIFI_ERROR_OUT_OF_MEMORY; } - result = request.put_addr(GSCAN_ATTRIBUTE_BSSID, mParams.ap[i].bssid); - if (result < 0) { - return result; - } - result = request.put_u8(GSCAN_ATTRIBUTE_RSSI_HIGH, mParams.ap[i].high); - if (result < 0) { - return result; - } - result = request.put_u8(GSCAN_ATTRIBUTE_RSSI_LOW, mParams.ap[i].low); - if (result < 0) { - return result; + + for (int i = 0; i < mParams.num_bssid; i++) { + nlattr* attr2 = request.attr_start(i); + if (attr2 == NULL) { + return WIFI_ERROR_OUT_OF_MEMORY; + } + result = request.put_addr(GSCAN_ATTRIBUTE_BSSID, mParams.ap[i].bssid); + if (result < 0) { + return result; + } + result = request.put_u8(GSCAN_ATTRIBUTE_RSSI_HIGH, mParams.ap[i].high); + if (result < 0) { + return result; + } + result = request.put_u8(GSCAN_ATTRIBUTE_RSSI_LOW, mParams.ap[i].low); + if (result < 0) { + return result; + } + request.attr_end(attr2); } - request.attr_end(attr2); - } - request.attr_end(attr); + request.attr_end(attr); + } request.attr_end(data); return result; |