|
|
@@ -4161,6 +4161,10 @@ static void cnss_diag_cmd_handler(const void *data, int data_len,
|
|
|
struct dbglog_slot *slot = NULL;
|
|
|
struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_MAX + 1];
|
|
|
|
|
|
+ /*
|
|
|
+ * audit note: it is ok to pass a NULL policy here since a
|
|
|
+ * length check on the data is added later already
|
|
|
+ */
|
|
|
if (nla_parse(tb, CLD80211_ATTR_MAX, data, data_len, NULL)) {
|
|
|
AR_DEBUG_PRINTF(ATH_DEBUG_ERR, ("%s: nla parse fails \n",
|
|
|
__func__));
|
|
|
@@ -4172,6 +4176,12 @@ static void cnss_diag_cmd_handler(const void *data, int data_len,
|
|
|
__func__));
|
|
|
return;
|
|
|
}
|
|
|
+
|
|
|
+ if (nla_len(tb[CLD80211_ATTR_DATA]) != sizeof(struct dbglog_slot)) {
|
|
|
+ AR_DEBUG_PRINTF(ATH_DEBUG_ERR, ("%s: attr length check fails\n",
|
|
|
+ __func__));
|
|
|
+ return;
|
|
|
+ }
|
|
|
slot = (struct dbglog_slot *)nla_data(tb[CLD80211_ATTR_DATA]);
|
|
|
|
|
|
if (!slot) {
|
Tushnim Bhattacharyya