qcacld-3.0: Specify a policy when parsing TSF commands

In __wlan_hdd_cfg80211_handle_tsf_cmd(), nla_parse() is called to
parse the TSF command attributes.  Currently a policy is not
specified. This prevents nla_parse() from doing basic validation of
the attributes, and in some circumstances could result in a buffer
overread. To avoid this issue define an appropriate policy and use it
in the invocation of nla_parse().

Change-Id: Ic246cf8cf78b043af38198c301465c088b12184a
CRs-Fixed: 2054776

core/hdd/src/wlan_hdd_tsf.c

@@ -241,6 +241,10 @@ int hdd_get_tsf_cb(void *pcb_cxt, struct stsf *ptsf)
 	return 0;
 }
 
+static const struct nla_policy tsf_policy[QCA_WLAN_VENDOR_ATTR_TSF_MAX + 1] = {
+	[QCA_WLAN_VENDOR_ATTR_TSF_CMD] = {.type = NLA_U32},
+};
+
 /**
  * __wlan_hdd_cfg80211_handle_tsf_cmd(): Setup TSF operations
  * @wiphy: Pointer to wireless phy
@@ -272,7 +276,7 @@ static int __wlan_hdd_cfg80211_handle_tsf_cmd(struct wiphy *wiphy,
 		return -EINVAL;
 
 	if (nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_TSF_MAX, data,
-		      data_len, NULL)) {
+		      data_len, tsf_policy)) {
 		hdd_err("Invalid TSF cmd");
 		return -EINVAL;
 	}