qcacld-3.0: Check for return codes of dot11f_unpack functions
Add checks for return codes of dot11f_unpack functions. Change-Id: I56149a2a767a9f13009710750a0588c0d658eb56 CRs-Fixed: 2175592
Este cometimento está contido em:
Naveen Rawat
cometido por
nshrivas
nshrivas
ascendente
9f881ae660
cometimento
72475db24a
@@ -19209,6 +19209,7 @@ static int wlan_hdd_cfg80211_set_privacy_ibss(struct hdd_adapter *adapter,
|
||||
struct cfg80211_ibss_params
|
||||
*params)
|
||||
{
|
||||
uint32_t ret;
|
||||
int status = 0;
|
||||
struct hdd_wext_state *pWextState =
|
||||
WLAN_HDD_GET_WEXT_STATE_PTR(adapter);
|
||||
@@ -19246,10 +19247,14 @@ static int wlan_hdd_cfg80211_set_privacy_ibss(struct hdd_adapter *adapter,
|
||||
hdd_err("invalid ie len:%d", ie[1]);
|
||||
return -EINVAL;
|
||||
}
|
||||
dot11f_unpack_ie_wpa((tpAniSirGlobal) halHandle,
|
||||
(uint8_t *)&ie[2 + 4],
|
||||
ie[1] - 4, &dot11WPAIE,
|
||||
false);
|
||||
ret = dot11f_unpack_ie_wpa(
|
||||
(tpAniSirGlobal) halHandle,
|
||||
(uint8_t *)&ie[2 + 4],
|
||||
ie[1] - 4, &dot11WPAIE, false);
|
||||
if (DOT11F_FAILED(ret)) {
|
||||
hdd_err("unpack failed ret: 0x%x", ret);
|
||||
return -EINVAL;
|
||||
}
|
||||
/*
|
||||
* Extract the multicast cipher, the
|
||||
* encType for unicast cipher for
|
||||
|
||||
@@ -2693,11 +2693,11 @@ int hdd_softap_unpack_ie(tHalHandle halHandle,
|
||||
bool *pMFPRequired,
|
||||
uint16_t gen_ie_len, uint8_t *gen_ie)
|
||||
{
|
||||
tDot11fIERSN dot11RSNIE = {0};
|
||||
tDot11fIEWPA dot11WPAIE = {0};
|
||||
|
||||
uint32_t ret;
|
||||
uint8_t *pRsnIe;
|
||||
uint16_t RSNIeLen;
|
||||
tDot11fIERSN dot11RSNIE = {0};
|
||||
tDot11fIEWPA dot11WPAIE = {0};
|
||||
|
||||
if (NULL == halHandle) {
|
||||
hdd_err("Error haHandle returned NULL");
|
||||
@@ -2720,8 +2720,12 @@ int hdd_softap_unpack_ie(tHalHandle halHandle,
|
||||
RSNIeLen = gen_ie_len - 2;
|
||||
/* Unpack the RSN IE */
|
||||
memset(&dot11RSNIE, 0, sizeof(tDot11fIERSN));
|
||||
sme_unpack_rsn_ie(halHandle, pRsnIe, RSNIeLen,
|
||||
&dot11RSNIE, false);
|
||||
ret = sme_unpack_rsn_ie(halHandle, pRsnIe, RSNIeLen,
|
||||
&dot11RSNIE, false);
|
||||
if (DOT11F_FAILED(ret)) {
|
||||
hdd_err("unpack failed, ret: 0x%x", ret);
|
||||
return -EINVAL;
|
||||
}
|
||||
/* Copy out the encryption and authentication types */
|
||||
hdd_debug("pairwise cipher suite count: %d",
|
||||
dot11RSNIE.pwise_cipher_suite_count);
|
||||
@@ -2757,8 +2761,12 @@ int hdd_softap_unpack_ie(tHalHandle halHandle,
|
||||
RSNIeLen = gen_ie_len - (2 + 4);
|
||||
/* Unpack the WPA IE */
|
||||
memset(&dot11WPAIE, 0, sizeof(tDot11fIEWPA));
|
||||
dot11f_unpack_ie_wpa((tpAniSirGlobal) halHandle,
|
||||
ret = dot11f_unpack_ie_wpa((tpAniSirGlobal) halHandle,
|
||||
pRsnIe, RSNIeLen, &dot11WPAIE, false);
|
||||
if (DOT11F_FAILED(ret)) {
|
||||
hdd_err("unpack failed, ret: 0x%x", ret);
|
||||
return -EINVAL;
|
||||
}
|
||||
/* Copy out the encryption and authentication types */
|
||||
hdd_debug("WPA unicast cipher suite count: %d",
|
||||
dot11WPAIE.unicast_cipher_count);
|
||||
@@ -6526,19 +6534,24 @@ static bool wlan_hdd_rate_is_11g(u8 rate)
|
||||
*/
|
||||
static bool wlan_hdd_get_sap_obss(struct hdd_adapter *adapter)
|
||||
{
|
||||
uint32_t ret;
|
||||
const uint8_t *ie = NULL;
|
||||
uint8_t ht_cap_ie[DOT11F_IE_HTCAPS_MAX_LEN];
|
||||
tDot11fIEHTCaps dot11_ht_cap_ie = {0};
|
||||
struct hdd_context *hdd_ctx = WLAN_HDD_GET_CTX(adapter);
|
||||
struct hdd_beacon_data *beacon = adapter->session.ap.beacon;
|
||||
const uint8_t *ie = NULL;
|
||||
|
||||
ie = wlan_get_ie_ptr_from_eid(WLAN_EID_HT_CAPABILITY,
|
||||
beacon->tail, beacon->tail_len);
|
||||
if (ie && ie[1]) {
|
||||
qdf_mem_copy(ht_cap_ie, &ie[2], DOT11F_IE_HTCAPS_MAX_LEN);
|
||||
dot11f_unpack_ie_ht_caps((tpAniSirGlobal)hdd_ctx->hHal,
|
||||
ht_cap_ie, ie[1], &dot11_ht_cap_ie,
|
||||
false);
|
||||
ret = dot11f_unpack_ie_ht_caps((tpAniSirGlobal)hdd_ctx->hHal,
|
||||
ht_cap_ie, ie[1],
|
||||
&dot11_ht_cap_ie, false);
|
||||
if (DOT11F_FAILED(ret)) {
|
||||
hdd_err("unpack failed, ret: 0x%x", ret);
|
||||
return false;
|
||||
}
|
||||
return dot11_ht_cap_ie.supportedChannelWidthSet;
|
||||
}
|
||||
|
||||
|
||||
@@ -1064,8 +1064,9 @@ bool lim_process_fils_auth_frame2(tpAniSirGlobal mac_ctx,
|
||||
tpPESession pe_session,
|
||||
tSirMacAuthFrameBody *rx_auth_frm_body)
|
||||
{
|
||||
bool pmkid_found = false;
|
||||
int i;
|
||||
uint32_t ret;
|
||||
bool pmkid_found = false;
|
||||
tDot11fIERSN dot11f_ie_rsn = {0};
|
||||
|
||||
if (!pe_session->fils_info)
|
||||
@@ -1074,10 +1075,11 @@ bool lim_process_fils_auth_frame2(tpAniSirGlobal mac_ctx,
|
||||
if (rx_auth_frm_body->authAlgoNumber != SIR_FILS_SK_WITHOUT_PFS)
|
||||
return false;
|
||||
|
||||
if (dot11f_unpack_ie_rsn(mac_ctx,
|
||||
&rx_auth_frm_body->rsn_ie.info[0],
|
||||
ret = dot11f_unpack_ie_rsn(mac_ctx, &rx_auth_frm_body->rsn_ie.info[0],
|
||||
rx_auth_frm_body->rsn_ie.length,
|
||||
&dot11f_ie_rsn, 0) != DOT11F_PARSE_SUCCESS) {
|
||||
&dot11f_ie_rsn, 0);
|
||||
if (!DOT11F_SUCCEEDED(ret)) {
|
||||
pe_err("unpack failed, ret: %d", ret);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -1636,6 +1636,7 @@ lim_send_assoc_req_mgmt_frame(tpAniSirGlobal mac_ctx,
|
||||
tLimMlmAssocReq *mlm_assoc_req,
|
||||
tpPESession pe_session)
|
||||
{
|
||||
int ret;
|
||||
tDot11fAssocRequest *frm;
|
||||
uint16_t caps;
|
||||
uint8_t *frame;
|
||||
@@ -1966,9 +1967,14 @@ lim_send_assoc_req_mgmt_frame(tpAniSirGlobal mac_ctx,
|
||||
* before packing the frm structure. In this way, the IE ordering
|
||||
* which the latest 802.11 spec mandates is maintained.
|
||||
*/
|
||||
if (add_ie_len)
|
||||
dot11f_unpack_assoc_request(mac_ctx, add_ie,
|
||||
if (add_ie_len) {
|
||||
ret = dot11f_unpack_assoc_request(mac_ctx, add_ie,
|
||||
add_ie_len, frm, true);
|
||||
if (DOT11F_FAILED(ret)) {
|
||||
pe_err("unpack failed, ret: 0x%x", ret);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
status = dot11f_get_packed_assoc_request_size(mac_ctx, frm, &payload);
|
||||
if (DOT11F_FAILED(status)) {
|
||||
|
||||
@@ -232,6 +232,7 @@ lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message(tpAniSirGlobal mac_ctx,
|
||||
tpSirRSNie rsn_ie,
|
||||
tpPESession session)
|
||||
{
|
||||
uint32_t ret;
|
||||
uint8_t wpa_idx = 0;
|
||||
uint32_t privacy, val;
|
||||
|
||||
@@ -284,16 +285,24 @@ lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message(tpAniSirGlobal mac_ctx,
|
||||
} else if ((rsn_ie->length == rsn_ie->rsnIEdata[1] + 2) &&
|
||||
(rsn_ie->rsnIEdata[0] == SIR_MAC_RSN_EID)) {
|
||||
pe_debug("Only RSN IE is present");
|
||||
dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
|
||||
rsn_ie->rsnIEdata[1],
|
||||
&session->gStartBssRSNIe, false);
|
||||
ret = dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
|
||||
rsn_ie->rsnIEdata[1],
|
||||
&session->gStartBssRSNIe, false);
|
||||
if (!DOT11F_SUCCEEDED(ret)) {
|
||||
pe_err("unpack failed, ret: %d", ret);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
} else if ((rsn_ie->length == rsn_ie->rsnIEdata[1] + 2)
|
||||
&& (rsn_ie->rsnIEdata[0] == SIR_MAC_WPA_EID)) {
|
||||
pe_debug("Only WPA IE is present");
|
||||
dot11f_unpack_ie_wpa(mac_ctx, &rsn_ie->rsnIEdata[6],
|
||||
(uint8_t) rsn_ie->length - 4,
|
||||
&session->gStartBssWPAIe, false);
|
||||
ret = dot11f_unpack_ie_wpa(mac_ctx, &rsn_ie->rsnIEdata[6],
|
||||
(uint8_t) rsn_ie->length - 4,
|
||||
&session->gStartBssWPAIe, false);
|
||||
if (!DOT11F_SUCCEEDED(ret)) {
|
||||
pe_err("unpack failed, ret: %d", ret);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
/* Check validity of WPA IE */
|
||||
@@ -312,12 +321,21 @@ lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message(tpAniSirGlobal mac_ctx,
|
||||
return false;
|
||||
} else {
|
||||
/* Both RSN and WPA IEs are present */
|
||||
dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
|
||||
rsn_ie->rsnIEdata[1],
|
||||
&session->gStartBssRSNIe, false);
|
||||
dot11f_unpack_ie_wpa(mac_ctx, &rsn_ie->rsnIEdata[wpa_idx + 6],
|
||||
rsn_ie->rsnIEdata[wpa_idx + 1] - 4,
|
||||
&session->gStartBssWPAIe, false);
|
||||
ret = dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
|
||||
rsn_ie->rsnIEdata[1],
|
||||
&session->gStartBssRSNIe, false);
|
||||
if (!DOT11F_SUCCEEDED(ret)) {
|
||||
pe_err("unpack failed, ret: %d", ret);
|
||||
return false;
|
||||
}
|
||||
ret = dot11f_unpack_ie_wpa(mac_ctx,
|
||||
&rsn_ie->rsnIEdata[wpa_idx + 6],
|
||||
rsn_ie->rsnIEdata[wpa_idx + 1] - 4,
|
||||
&session->gStartBssWPAIe, false);
|
||||
if (!DOT11F_SUCCEEDED(ret)) {
|
||||
pe_err("unpack failed, ret: %d", ret);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -5752,17 +5752,25 @@ tSirRetStatus populate_dot11f_assoc_res_wsc_ie(tpAniSirGlobal pMac,
|
||||
tDot11fIEWscAssocRes *pDot11f,
|
||||
tpSirAssocReq pRcvdAssocReq)
|
||||
{
|
||||
tDot11fIEWscAssocReq parsedWscAssocReq = { 0, };
|
||||
uint32_t ret;
|
||||
const uint8_t *wscIe;
|
||||
tDot11fIEWscAssocReq parsedWscAssocReq = { 0, };
|
||||
|
||||
wscIe = limGetWscIEPtr(pMac, pRcvdAssocReq->addIE.addIEdata,
|
||||
pRcvdAssocReq->addIE.length);
|
||||
if (wscIe != NULL) {
|
||||
/* retreive WSC IE from given AssocReq */
|
||||
dot11f_unpack_ie_wsc_assoc_req(pMac,
|
||||
(uint8_t *)wscIe + 2 + 4, /* EID, length, OUI */
|
||||
wscIe[1] - 4, /* length without OUI */
|
||||
&parsedWscAssocReq, false);
|
||||
ret = dot11f_unpack_ie_wsc_assoc_req(pMac,
|
||||
/* EID, length, OUI */
|
||||
(uint8_t *)wscIe + 2 + 4,
|
||||
/* length without OUI */
|
||||
wscIe[1] - 4,
|
||||
&parsedWscAssocReq, false);
|
||||
if (!DOT11F_SUCCEEDED(ret)) {
|
||||
pe_err("unpack failed, ret: %d", ret);
|
||||
return eSIR_HAL_INPUT_INVALID;
|
||||
}
|
||||
|
||||
pDot11f->present = 1;
|
||||
/* version has to be 0x10 */
|
||||
pDot11f->Version.present = 1;
|
||||
|
||||
@@ -3244,17 +3244,22 @@ static void csr_update_bss_with_fils_data(tpAniSirGlobal mac_ctx,
|
||||
struct scan_cache_entry *scan_entry,
|
||||
tSirBssDescription *bss_descr)
|
||||
{
|
||||
int ret;
|
||||
tDot11fIEfils_indication fils_indication = {0};
|
||||
struct sir_fils_indication fils_ind;
|
||||
|
||||
if (!scan_entry->ie_list.fils_indication)
|
||||
return;
|
||||
|
||||
dot11f_unpack_ie_fils_indication(mac_ctx,
|
||||
ret = dot11f_unpack_ie_fils_indication(mac_ctx,
|
||||
scan_entry->ie_list.fils_indication +
|
||||
SIR_FILS_IND_ELEM_OFFSET,
|
||||
*(scan_entry->ie_list.fils_indication + 1),
|
||||
&fils_indication, false);
|
||||
if (DOT11F_FAILED(ret)) {
|
||||
sme_err("unpack failed ret: 0x%x", ret);
|
||||
return;
|
||||
}
|
||||
|
||||
update_fils_data(&fils_ind, &fils_indication);
|
||||
if (fils_ind.realm_identifier.realm_cnt > SIR_MAX_REALM_COUNT)
|
||||
|
||||
@@ -3870,6 +3870,7 @@ uint8_t csr_construct_rsn_ie(tHalHandle hHal, uint32_t sessionId,
|
||||
tSirBssDescription *pSirBssDesc,
|
||||
tDot11fBeaconIEs *pIes, tCsrRSNIe *pRSNIe)
|
||||
{
|
||||
uint32_t ret;
|
||||
tpAniSirGlobal pMac = PMAC_STRUCT(hHal);
|
||||
bool fRSNMatch;
|
||||
uint8_t cbRSNIe = 0;
|
||||
@@ -3908,12 +3909,17 @@ uint8_t csr_construct_rsn_ie(tHalHandle hHal, uint32_t sessionId,
|
||||
* the AP, so that only common capability are enabled.
|
||||
*/
|
||||
if (pProfile->pRSNReqIE && pProfile->nRSNReqIELength) {
|
||||
dot11f_unpack_ie_rsn(pMac, pProfile->pRSNReqIE + 2,
|
||||
ret = dot11f_unpack_ie_rsn(pMac,
|
||||
pProfile->pRSNReqIE + 2,
|
||||
pProfile->nRSNReqIELength -2, &rsn_ie, false);
|
||||
pIesLocal->RSN.RSN_Cap[0] = pIesLocal->RSN.RSN_Cap[0] &
|
||||
rsn_ie.RSN_Cap[0];
|
||||
pIesLocal->RSN.RSN_Cap[1] = pIesLocal->RSN.RSN_Cap[1] &
|
||||
rsn_ie.RSN_Cap[1];
|
||||
if (!DOT11F_FAILED(ret)) {
|
||||
pIesLocal->RSN.RSN_Cap[0] =
|
||||
pIesLocal->RSN.RSN_Cap[0] &
|
||||
rsn_ie.RSN_Cap[0];
|
||||
pIesLocal->RSN.RSN_Cap[1] =
|
||||
pIesLocal->RSN.RSN_Cap[1] &
|
||||
rsn_ie.RSN_Cap[1];
|
||||
}
|
||||
}
|
||||
/* See if the cyphers in the Bss description match with the
|
||||
* settings in the profile.
|
||||
|
||||
Criar uma nova questão referindo esta
Bloquear um utilizador