
qcacld-3.0: Check for return codes of dot11f_unpack functions

Add checks for return codes of dot11f_unpack functions.

Change-Id: I56149a2a767a9f13009710750a0588c0d658eb56
CRs-Fixed: 2175592
Naveen Rawat há 7 anos atrás
pai
commit
72475db24a

+ 9 - 4
core/hdd/src/wlan_hdd_cfg80211.c

@@ -19209,6 +19209,7 @@ static int wlan_hdd_cfg80211_set_privacy_ibss(struct hdd_adapter *adapter,
 					      struct cfg80211_ibss_params
 					      *params)
 {
+	uint32_t ret;
 	int status = 0;
 	struct hdd_wext_state *pWextState =
 		WLAN_HDD_GET_WEXT_STATE_PTR(adapter);
@@ -19246,10 +19247,14 @@ static int wlan_hdd_cfg80211_set_privacy_ibss(struct hdd_adapter *adapter,
 					hdd_err("invalid ie len:%d", ie[1]);
 					return -EINVAL;
 				}
-				dot11f_unpack_ie_wpa((tpAniSirGlobal) halHandle,
-						     (uint8_t *)&ie[2 + 4],
-						     ie[1] - 4, &dot11WPAIE,
-						     false);
+				ret = dot11f_unpack_ie_wpa(
+						(tpAniSirGlobal) halHandle,
+						(uint8_t *)&ie[2 + 4],
+						ie[1] - 4, &dot11WPAIE, false);
+				if (DOT11F_FAILED(ret)) {
+					hdd_err("unpack failed ret: 0x%x", ret);
+					return -EINVAL;
+				}
 				/*
 				 * Extract the multicast cipher, the
 				 * encType for unicast cipher for

+ 23 - 10
core/hdd/src/wlan_hdd_hostapd.c

@@ -2693,11 +2693,11 @@ int hdd_softap_unpack_ie(tHalHandle halHandle,
 			 bool *pMFPRequired,
 			 uint16_t gen_ie_len, uint8_t *gen_ie)
 {
-	tDot11fIERSN dot11RSNIE = {0};
-	tDot11fIEWPA dot11WPAIE = {0};
-
+	uint32_t ret;
 	uint8_t *pRsnIe;
 	uint16_t RSNIeLen;
+	tDot11fIERSN dot11RSNIE = {0};
+	tDot11fIEWPA dot11WPAIE = {0};
 
 	if (NULL == halHandle) {
 		hdd_err("Error haHandle returned NULL");
@@ -2720,8 +2720,12 @@ int hdd_softap_unpack_ie(tHalHandle halHandle,
 		RSNIeLen = gen_ie_len - 2;
 		/* Unpack the RSN IE */
 		memset(&dot11RSNIE, 0, sizeof(tDot11fIERSN));
-		sme_unpack_rsn_ie(halHandle, pRsnIe, RSNIeLen,
-				  &dot11RSNIE, false);
+		ret = sme_unpack_rsn_ie(halHandle, pRsnIe, RSNIeLen,
+					&dot11RSNIE, false);
+		if (DOT11F_FAILED(ret)) {
+			hdd_err("unpack failed, ret: 0x%x", ret);
+			return -EINVAL;
+		}
 		/* Copy out the encryption and authentication types */
 		hdd_debug("pairwise cipher suite count: %d",
 		       dot11RSNIE.pwise_cipher_suite_count);
@@ -2757,8 +2761,12 @@ int hdd_softap_unpack_ie(tHalHandle halHandle,
 		RSNIeLen = gen_ie_len - (2 + 4);
 		/* Unpack the WPA IE */
 		memset(&dot11WPAIE, 0, sizeof(tDot11fIEWPA));
-		dot11f_unpack_ie_wpa((tpAniSirGlobal) halHandle,
+		ret = dot11f_unpack_ie_wpa((tpAniSirGlobal) halHandle,
 				     pRsnIe, RSNIeLen, &dot11WPAIE, false);
+		if (DOT11F_FAILED(ret)) {
+			hdd_err("unpack failed, ret: 0x%x", ret);
+			return -EINVAL;
+		}
 		/* Copy out the encryption and authentication types */
 		hdd_debug("WPA unicast cipher suite count: %d",
 		       dot11WPAIE.unicast_cipher_count);
@@ -6526,19 +6534,24 @@ static bool wlan_hdd_rate_is_11g(u8 rate)
  */
 static bool wlan_hdd_get_sap_obss(struct hdd_adapter *adapter)
 {
+	uint32_t ret;
+	const uint8_t *ie = NULL;
 	uint8_t ht_cap_ie[DOT11F_IE_HTCAPS_MAX_LEN];
 	tDot11fIEHTCaps dot11_ht_cap_ie = {0};
 	struct hdd_context *hdd_ctx = WLAN_HDD_GET_CTX(adapter);
 	struct hdd_beacon_data *beacon = adapter->session.ap.beacon;
-	const uint8_t *ie = NULL;
 
 	ie = wlan_get_ie_ptr_from_eid(WLAN_EID_HT_CAPABILITY,
 					beacon->tail, beacon->tail_len);
 	if (ie && ie[1]) {
 		qdf_mem_copy(ht_cap_ie, &ie[2], DOT11F_IE_HTCAPS_MAX_LEN);
-		dot11f_unpack_ie_ht_caps((tpAniSirGlobal)hdd_ctx->hHal,
-					ht_cap_ie, ie[1], &dot11_ht_cap_ie,
-					false);
+		ret = dot11f_unpack_ie_ht_caps((tpAniSirGlobal)hdd_ctx->hHal,
+					       ht_cap_ie, ie[1],
+					       &dot11_ht_cap_ie, false);
+		if (DOT11F_FAILED(ret)) {
+			hdd_err("unpack failed, ret: 0x%x", ret);
+			return false;
+		}
 		return dot11_ht_cap_ie.supportedChannelWidthSet;
 	}
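Review bot: The new DOT11F_FAILED check only runs after `dot11f_unpack_ie_ht_caps` has already consumed `ie[1]` bytes from `ht_cap_ie`, which is sized DOT11F_IE_HTCAPS_MAX_LEN; an HT capability element in `beacon->tail` whose length byte exceeds that bound can be read past the end of the stack buffer before the check fires. Guard the length before the copy, e.g. `if (ie && ie[1] && ie[1] <= DOT11F_IE_HTCAPS_MAX_LEN) {`, or clamp the length handed to the unpack. The `qdf_mem_copy` of a fixed DOT11F_IE_HTCAPS_MAX_LEN bytes from `&ie[2]` is likewise bounded neither by the element length nor by `beacon->tail_len`; that is pre-existing, but copying `min(ie[1], DOT11F_IE_HTCAPS_MAX_LEN)` bytes would cover both. wlan_hdd_get_sap_obss continues past the hunk.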
 

+ 6 - 4
core/mac/src/pe/lim/lim_process_fils.c

@@ -1064,8 +1064,9 @@ bool lim_process_fils_auth_frame2(tpAniSirGlobal mac_ctx,
 		tpPESession pe_session,
 		tSirMacAuthFrameBody *rx_auth_frm_body)
 {
-	bool pmkid_found = false;
 	int i;
+	uint32_t ret;
+	bool pmkid_found = false;
 	tDot11fIERSN dot11f_ie_rsn = {0};
 
 	if (!pe_session->fils_info)
@@ -1074,10 +1075,11 @@ bool lim_process_fils_auth_frame2(tpAniSirGlobal mac_ctx,
 	if (rx_auth_frm_body->authAlgoNumber != SIR_FILS_SK_WITHOUT_PFS)
 		return false;
 
-	if (dot11f_unpack_ie_rsn(mac_ctx,
-				&rx_auth_frm_body->rsn_ie.info[0],
+	ret = dot11f_unpack_ie_rsn(mac_ctx, &rx_auth_frm_body->rsn_ie.info[0],
 				rx_auth_frm_body->rsn_ie.length,
-				&dot11f_ie_rsn, 0) != DOT11F_PARSE_SUCCESS) {
+				&dot11f_ie_rsn, 0);
+	if (!DOT11F_SUCCEEDED(ret)) {
+		pe_err("unpack failed, ret: %d", ret);
 		return false;
 	}
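Review bot: The failure test here is `!DOT11F_SUCCEEDED(ret)` while the hdd, lim_send_management_frames.c and csr hunks of this same commit use `DOT11F_FAILED(ret)`; if, as I recall from dot11f.h, DOT11F_SUCCEEDED is an exact compare against DOT11F_PARSE_SUCCESS and DOT11F_FAILED masks only the hard-failure bits, then warning codes (unknown or duplicate elements) are rejected here and in lim_sme_req_utils.c and parser_api.c but tolerated at the other sites, so please confirm the macros and pick one policy. Keeping this site strict preserves the old `!= DOT11F_PARSE_SUCCESS` behaviour, so it may be intentional. Separately, `ret` is uint32_t but is printed with `%d` on the pe_err line (the same mismatch is in lim_sme_req_utils.c and parser_api.c); `pe_err("unpack failed, ret: 0x%x", ret);` matches both the type and the hdd hunks.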
 

+ 8 - 2
core/mac/src/pe/lim/lim_send_management_frames.c

@@ -1636,6 +1636,7 @@ lim_send_assoc_req_mgmt_frame(tpAniSirGlobal mac_ctx,
 			      tLimMlmAssocReq *mlm_assoc_req,
 			      tpPESession pe_session)
 {
+	int ret;
 	tDot11fAssocRequest *frm;
 	uint16_t caps;
 	uint8_t *frame;
@@ -1966,9 +1967,14 @@ lim_send_assoc_req_mgmt_frame(tpAniSirGlobal mac_ctx,
 	 * before packing the frm structure. In this way, the IE ordering
 	 * which the latest 802.11 spec mandates is maintained.
 	 */
-	if (add_ie_len)
-		dot11f_unpack_assoc_request(mac_ctx, add_ie,
+	if (add_ie_len) {
+		ret = dot11f_unpack_assoc_request(mac_ctx, add_ie,
 					    add_ie_len, frm, true);
+		if (DOT11F_FAILED(ret)) {
+			pe_err("unpack failed, ret: 0x%x", ret);
+			goto end;
+		}
+	}
 
 	status = dot11f_get_packed_assoc_request_size(mac_ctx, frm, &payload);
 	if (DOT11F_FAILED(status)) {
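Review bot: `ret` is declared `int` here while every other hunk in this commit declares it `uint32_t` and the dot11f unpack routines return an unsigned status, so `DOT11F_FAILED(ret)` and the `0x%x` format in the new pe_err operate on a signed value; declare it `uint32_t ret;` (the csr_api_scan.c hunk has the same `int ret`). The function already holds a `status` that is checked with DOT11F_FAILED two lines below, so if its type matches, reusing it avoids the extra local. The `goto end` relies on the `end:` label releasing `frm` and whatever else has been allocated by this point; that label is outside the hunk, so please confirm it does.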

+ 30 - 12
core/mac/src/pe/lim/lim_sme_req_utils.c

@@ -232,6 +232,7 @@ lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message(tpAniSirGlobal mac_ctx,
 						    tpSirRSNie rsn_ie,
 						    tpPESession session)
 {
+	uint32_t ret;
 	uint8_t wpa_idx = 0;
 	uint32_t privacy, val;
 
@@ -284,16 +285,24 @@ lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message(tpAniSirGlobal mac_ctx,
 	} else if ((rsn_ie->length == rsn_ie->rsnIEdata[1] + 2) &&
 		   (rsn_ie->rsnIEdata[0] == SIR_MAC_RSN_EID)) {
 		pe_debug("Only RSN IE is present");
-		dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
-				     rsn_ie->rsnIEdata[1],
-				     &session->gStartBssRSNIe, false);
+		ret = dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
+					   rsn_ie->rsnIEdata[1],
+					   &session->gStartBssRSNIe, false);
+		if (!DOT11F_SUCCEEDED(ret)) {
+			pe_err("unpack failed, ret: %d", ret);
+			return false;
+		}
 		return true;
 	} else if ((rsn_ie->length == rsn_ie->rsnIEdata[1] + 2)
 		   && (rsn_ie->rsnIEdata[0] == SIR_MAC_WPA_EID)) {
 		pe_debug("Only WPA IE is present");
-		dot11f_unpack_ie_wpa(mac_ctx, &rsn_ie->rsnIEdata[6],
-				     (uint8_t) rsn_ie->length - 4,
-				     &session->gStartBssWPAIe, false);
+		ret = dot11f_unpack_ie_wpa(mac_ctx, &rsn_ie->rsnIEdata[6],
+					   (uint8_t) rsn_ie->length - 4,
+					   &session->gStartBssWPAIe, false);
+		if (!DOT11F_SUCCEEDED(ret)) {
+			pe_err("unpack failed, ret: %d", ret);
+			return false;
+		}
 		return true;
 	}
 	/* Check validity of WPA IE */
@@ -312,12 +321,21 @@ lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message(tpAniSirGlobal mac_ctx,
 		return false;
 	} else {
 		/* Both RSN and WPA IEs are present */
-		dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
-				     rsn_ie->rsnIEdata[1],
-				     &session->gStartBssRSNIe, false);
-		dot11f_unpack_ie_wpa(mac_ctx, &rsn_ie->rsnIEdata[wpa_idx + 6],
-				     rsn_ie->rsnIEdata[wpa_idx + 1] - 4,
-				     &session->gStartBssWPAIe, false);
+		ret = dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
+					   rsn_ie->rsnIEdata[1],
+					   &session->gStartBssRSNIe, false);
+		if (!DOT11F_SUCCEEDED(ret)) {
+			pe_err("unpack failed, ret: %d", ret);
+			return false;
+		}
+		ret = dot11f_unpack_ie_wpa(mac_ctx,
+					   &rsn_ie->rsnIEdata[wpa_idx + 6],
+					   rsn_ie->rsnIEdata[wpa_idx + 1] - 4,
+					   &session->gStartBssWPAIe, false);
+		if (!DOT11F_SUCCEEDED(ret)) {
+			pe_err("unpack failed, ret: %d", ret);
+			return false;
+		}
 	}
 	return true;
 }
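Review bot: In the both-present branch, a failed WPA unpack returns false after `session->gStartBssRSNIe` has already been filled by the preceding successful RSN unpack, so the session is left with a half-initialised pair; whether callers discard the session on false is outside the hunk, and if they do not, unpack into locals and copy both into the session only after both succeed. The WPA length `(uint8_t) rsn_ie->length - 4` casts before subtracting, so a length below 4 becomes a negative int that converts to a very large unsigned length; the only visible guard is the `rsn_ie->length == rsn_ie->rsnIEdata[1] + 2` equality, so please confirm an earlier minimum-length check exists. Both points are pre-existing, but the new early-return makes the first one reachable.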

+ 13 - 5
core/mac/src/sys/legacy/src/utils/src/parser_api.c

@@ -5752,17 +5752,25 @@ tSirRetStatus populate_dot11f_assoc_res_wsc_ie(tpAniSirGlobal pMac,
 					       tDot11fIEWscAssocRes *pDot11f,
 					       tpSirAssocReq pRcvdAssocReq)
 {
-	tDot11fIEWscAssocReq parsedWscAssocReq = { 0, };
+	uint32_t ret;
 	const uint8_t *wscIe;
+	tDot11fIEWscAssocReq parsedWscAssocReq = { 0, };
 
 	wscIe = limGetWscIEPtr(pMac, pRcvdAssocReq->addIE.addIEdata,
 			       pRcvdAssocReq->addIE.length);
 	if (wscIe != NULL) {
 		/* retreive WSC IE from given AssocReq */
-		dot11f_unpack_ie_wsc_assoc_req(pMac,
-			(uint8_t *)wscIe + 2 + 4, /* EID, length, OUI */
-			wscIe[1] - 4, /* length without OUI */
-			&parsedWscAssocReq, false);
+		ret = dot11f_unpack_ie_wsc_assoc_req(pMac,
+						     /* EID, length, OUI */
+						     (uint8_t *)wscIe + 2 + 4,
+						     /* length without OUI */
+						     wscIe[1] - 4,
+						     &parsedWscAssocReq, false);
+		if (!DOT11F_SUCCEEDED(ret)) {
+			pe_err("unpack failed, ret: %d", ret);
+			return eSIR_HAL_INPUT_INVALID;
+		}
+
 		pDot11f->present = 1;
 		/* version has to be 0x10 */
 		pDot11f->Version.present = 1;
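Review bot: `wscIe[1] - 4` is passed as the unpack length without a visible check that the WSC element actually carries the 4-byte OUI; if `limGetWscIEPtr` does not guarantee `wscIe[1] >= 4`, the subtraction goes negative and is converted to a huge unsigned length before the new return-code check can help. A one-line guard, `if (wscIe != NULL && wscIe[1] >= 4) {`, makes the precondition explicit; limGetWscIEPtr is outside the hunk, so this is hedged on what it validates. populate_dot11f_assoc_res_wsc_ie continues beyond the hunk.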

+ 6 - 1
core/sme/src/csr/csr_api_scan.c

@@ -3244,17 +3244,22 @@ static void csr_update_bss_with_fils_data(tpAniSirGlobal mac_ctx,
 					  struct scan_cache_entry *scan_entry,
 					  tSirBssDescription *bss_descr)
 {
+	int ret;
 	tDot11fIEfils_indication fils_indication = {0};
 	struct sir_fils_indication fils_ind;
 
 	if (!scan_entry->ie_list.fils_indication)
 		return;
 
-	dot11f_unpack_ie_fils_indication(mac_ctx,
+	ret = dot11f_unpack_ie_fils_indication(mac_ctx,
 				scan_entry->ie_list.fils_indication +
 				SIR_FILS_IND_ELEM_OFFSET,
 				*(scan_entry->ie_list.fils_indication + 1),
 				&fils_indication, false);
+	 if (DOT11F_FAILED(ret)) {
+		sme_err("unpack failed ret: 0x%x", ret);
+		return;
+	}
 
 	update_fils_data(&fils_ind, &fils_indication);
 	if (fils_ind.realm_identifier.realm_cnt > SIR_MAX_REALM_COUNT)
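Review bot: The added `if (DOT11F_FAILED(ret)) {` line is indented with a space before the tab, which breaks the file's tab-only indentation and will be flagged by checkpatch; drop the stray space so the line reads `	if (DOT11F_FAILED(ret)) {`. The length argument `*(scan_entry->ie_list.fils_indication + 1)` is the element's raw length byte from a scanned frame; the new check now catches a truncated element, which is the right outcome for attacker-controlled beacon data. csr_update_bss_with_fils_data continues beyond the hunk.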

+ 11 - 5
core/sme/src/csr/csr_util.c

@@ -3870,6 +3870,7 @@ uint8_t csr_construct_rsn_ie(tHalHandle hHal, uint32_t sessionId,
 			     tSirBssDescription *pSirBssDesc,
 			     tDot11fBeaconIEs *pIes, tCsrRSNIe *pRSNIe)
 {
+	uint32_t ret;
 	tpAniSirGlobal pMac = PMAC_STRUCT(hHal);
 	bool fRSNMatch;
 	uint8_t cbRSNIe = 0;
@@ -3908,12 +3909,17 @@ uint8_t csr_construct_rsn_ie(tHalHandle hHal, uint32_t sessionId,
 		 * the AP, so that only common capability are enabled.
 		 */
 		if (pProfile->pRSNReqIE && pProfile->nRSNReqIELength) {
-			dot11f_unpack_ie_rsn(pMac, pProfile->pRSNReqIE + 2,
+			ret = dot11f_unpack_ie_rsn(pMac,
+						   pProfile->pRSNReqIE + 2,
 				  pProfile->nRSNReqIELength -2, &rsn_ie, false);
-			pIesLocal->RSN.RSN_Cap[0] = pIesLocal->RSN.RSN_Cap[0] &
-						    rsn_ie.RSN_Cap[0];
-			pIesLocal->RSN.RSN_Cap[1] = pIesLocal->RSN.RSN_Cap[1] &
-						    rsn_ie.RSN_Cap[1];
+			if (!DOT11F_FAILED(ret)) {
+				pIesLocal->RSN.RSN_Cap[0] =
+						pIesLocal->RSN.RSN_Cap[0] &
+						rsn_ie.RSN_Cap[0];
+				pIesLocal->RSN.RSN_Cap[1] =
+						pIesLocal->RSN.RSN_Cap[1] &
+						rsn_ie.RSN_Cap[1];
+			}
 		}
 		/* See if the cyphers in the Bss description match with the
 		 * settings in the profile.
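Review bot: A failed unpack of the profile's RSN IE is swallowed silently by `if (!DOT11F_FAILED(ret))` — the RSN_Cap intersection is skipped, the IE is then built from `pIesLocal` alone, and nothing is logged, unlike every other site in this commit. Add at least an else branch with `sme_err("unpack failed, ret: 0x%x", ret);` (the csr_api_scan.c hunk uses sme_err) so a malformed caller-supplied pRSNReqIE is visible, and state in a comment whether continuing with the AP's full capability set is the intended fallback or whether the function should bail out. `pProfile->nRSNReqIELength -2` is passed with no visible lower bound; if the field is unsigned, a length of 1 wraps to a huge value (pre-existing). The continuation line `pProfile->nRSNReqIELength -2, &rsn_ie, false);` was not re-aligned with the re-wrapped call above it.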