
qcacld-3.0: Add checks to handle return value from crypto APIs

Add checks in caller APIs to handle negative return value from
crypto get param and crypto get peer param APIs.

Change-Id: Ibb138971f347c7ccdacbc93aa38521d5d9536759
CRs-Fixed: 2775328
Gururaj Pandurangi 4 years ago
parent
commit
c199935f4b

+ 7 - 1
components/mlme/core/src/wlan_mlme_main.c

@@ -123,7 +123,7 @@ QDF_STATUS mlme_get_peer_mic_len(struct wlan_objmgr_psoc *psoc, uint8_t pdev_id,
 				 uint8_t *mic_hdr_len)
 {
 	struct wlan_objmgr_peer *peer;
-	uint32_t key_cipher;
+	int32_t key_cipher;
 
 	if (!psoc || !mic_len || !mic_hdr_len || !peer_mac) {
 		mlme_legacy_debug("psoc/mic_len/mic_hdr_len/peer_mac null");
@@ -141,8 +141,14 @@ QDF_STATUS mlme_get_peer_mic_len(struct wlan_objmgr_psoc *psoc, uint8_t pdev_id,
 	key_cipher =
 		wlan_crypto_get_peer_param(peer,
 					   WLAN_CRYPTO_PARAM_UCAST_CIPHER);
+
 	wlan_objmgr_peer_release_ref(peer, WLAN_LEGACY_MAC_ID);
 
+	if (key_cipher < 0) {
+		mlme_legacy_err("Invalid mgmt cipher");
+		return QDF_STATUS_E_INVAL;
+	}
+
 	if (key_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM) ||
 	    key_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) {
 		*mic_hdr_len = WLAN_IEEE80211_GCMP_HEADERLEN;
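Review bot: The log text `"Invalid mgmt cipher"` at the new `key_cipher < 0` check does not match what failed, since this call reads WLAN_CRYPTO_PARAM_UCAST_CIPHER. The same string is reused at the KEY_MGMT, RSN_CAP and CIPHER_CAP checks in wlan_mlme_api.c, wlan_hdd_hostapd.c, lim_process_sme_req_messages.c, csr_api_roam.c, csr_util.c and wma_scan_roam.c, so a log reader cannot tell which lookup returned an error. Name the parameter and include the value, e.g. `mlme_legacy_err("Invalid ucast cipher %d", key_cipher);`. csr_check_and_set_sae_single_pmk_cap also logs through `mlme_err` while every other new check in csr_api_roam.c uses `sme_err`. The function body starts and ends outside this hunk.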

+ 5 - 1
components/mlme/dispatcher/src/wlan_mlme_api.c

@@ -3699,7 +3699,7 @@ void wlan_mlme_update_sae_single_pmk(struct wlan_objmgr_vdev *vdev,
 				     struct mlme_pmk_info *sae_single_pmk)
 {
 	struct mlme_legacy_priv *mlme_priv;
-	uint32_t keymgmt;
+	int32_t keymgmt;
 	bool is_sae_connection = false;
 
 	mlme_priv = wlan_vdev_mlme_get_ext_hdl(vdev);
@@ -3709,6 +3709,10 @@ void wlan_mlme_update_sae_single_pmk(struct wlan_objmgr_vdev *vdev,
 	}
 
 	keymgmt = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_KEY_MGMT);
+	if (keymgmt < 0) {
+		mlme_legacy_err("Invalid mgmt cipher");
+		return;
+	}
 
 	if (keymgmt & (1 << WLAN_CRYPTO_KEY_MGMT_SAE))
 		is_sae_connection = true;

+ 7 - 1
core/hdd/src/wlan_hdd_hostapd.c

@@ -3318,7 +3318,7 @@ sap_restart:
 uint32_t hdd_get_ap_6ghz_capable(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id)
 {
 	struct wlan_objmgr_vdev *vdev;
-	uint32_t keymgmt;
+	int32_t keymgmt;
 	struct hdd_adapter *ap_adapter;
 	struct hdd_ap_ctx *ap_ctx;
 	struct sap_context *sap_context;
@@ -3376,6 +3376,12 @@ uint32_t hdd_get_ap_6ghz_capable(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id)
 		capable |= CONN_6GHZ_FLAG_ACS_OR_USR_ALLOWED;
 
 	keymgmt = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_KEY_MGMT);
+	if (keymgmt < 0) {
+		hdd_err("Invalid mgmt cipher");
+		wlan_objmgr_vdev_release_ref(vdev, WLAN_HDD_ID_OBJ_MGR);
+		return 0;
+	}
+
 	if (!keymgmt || (keymgmt & (1 << WLAN_CRYPTO_KEY_MGMT_NONE |
 		       1 << WLAN_CRYPTO_KEY_MGMT_SAE |
 		       1 << WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B |
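Review bot: The new error path returns a bare `0`, which drops any flags already accumulated in `capable` (the context line above may have set CONN_6GHZ_FLAG_ACS_OR_USR_ALLOWED) and is indistinguishable from a legitimate "no flags" result. Treating an unknown key management value as not 6 GHz capable is a fail-closed choice that looks intentional, but the code does not say so. Add a comment above the return, e.g. `/* key mgmt unknown: fail closed, report no 6 GHz capability */`. The function body starts and ends outside this hunk.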

+ 7 - 3
core/mac/src/pe/lim/lim_process_sme_req_messages.c

@@ -1135,7 +1135,7 @@ bool
 lim_get_vdev_rmf_capable(struct mac_context *mac, struct pe_session *session)
 {
 	struct wlan_objmgr_vdev *vdev;
-	uint16_t rsn_caps;
+	int32_t rsn_caps;
 	bool peer_rmf_capable = false;
 
 	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(mac->psoc,
@@ -1145,8 +1145,12 @@ lim_get_vdev_rmf_capable(struct mac_context *mac, struct pe_session *session)
 		pe_err("Invalid vdev");
 		return false;
 	}
-	rsn_caps = (uint16_t)wlan_crypto_get_param(vdev,
-						   WLAN_CRYPTO_PARAM_RSN_CAP);
+	rsn_caps = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_RSN_CAP);
+	if (rsn_caps < 0) {
+		pe_err("Invalid mgmt cipher");
+		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+		return false;
+	}
 	if (wlan_crypto_vdev_has_mgmtcipher(
 				vdev,
 				(1 << WLAN_CRYPTO_CIPHER_AES_GMAC) |

+ 41 - 6
core/sme/src/csr/csr_api_roam.c

@@ -7249,7 +7249,7 @@ static void csr_update_tx_pwr_to_fw(struct mac_context *mac_ctx,
 static void csr_update_rsn_intersect_to_fw(struct wlan_objmgr_psoc *psoc,
 					   uint8_t vdev_id)
 {
-	uint32_t rsn_val = 0;
+	int32_t rsn_val;
 	struct wlan_objmgr_vdev *vdev;
 
 	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id,
@@ -7261,8 +7261,14 @@ static void csr_update_rsn_intersect_to_fw(struct wlan_objmgr_psoc *psoc,
 	}
 
 	rsn_val = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_RSN_CAP);
+
 	wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
 
+	if (rsn_val < 0) {
+		sme_err("Invalid mgmt cipher");
+		return;
+	}
+
 	if (wma_cli_set2_command(vdev_id, WMI_VDEV_PARAM_RSN_CAPABILITY,
 				 rsn_val, 0, VDEV_CMD))
 		sme_err("Failed to update WMI_VDEV_PARAM_RSN_CAPABILITY for vdev id %d",
@@ -14107,7 +14113,7 @@ void csr_clear_sae_single_pmk(struct wlan_objmgr_psoc *psoc,
 			      uint8_t vdev_id, tPmkidCacheInfo *pmk_cache)
 {
 	struct wlan_objmgr_vdev *vdev;
-	uint32_t keymgmt;
+	int32_t keymgmt;
 	struct mlme_pmk_info pmk_info;
 
 	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id,
@@ -14118,6 +14124,12 @@ void csr_clear_sae_single_pmk(struct wlan_objmgr_psoc *psoc,
 	}
 
 	keymgmt = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_KEY_MGMT);
+	if (keymgmt < 0) {
+		sme_err("Invalid mgmt cipher");
+		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+		return;
+	}
+
 	if (!(keymgmt & (1 << WLAN_CRYPTO_KEY_MGMT_SAE))) {
 		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
 		return;
@@ -17442,9 +17454,8 @@ csr_rso_command_fill_11w_params(struct mac_context *mac_ctx,
 	tAniEdType group_mgmt_cipher;
 
 	struct wlan_objmgr_vdev *vdev;
-	uint16_t rsn_caps;
+	int32_t rsn_caps, keymgmt;
 	bool peer_rmf_capable = false;
-	uint32_t keymgmt;
 
 	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(mac_ctx->psoc,
 			session_id,
@@ -17456,6 +17467,12 @@ csr_rso_command_fill_11w_params(struct mac_context *mac_ctx,
 
 	rsn_caps = (uint16_t)wlan_crypto_get_param(vdev,
 						   WLAN_CRYPTO_PARAM_RSN_CAP);
+	if (rsn_caps < 0) {
+		sme_err("Invalid mgmt cipher");
+		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+		return;
+	}
+
 	if (wlan_crypto_vdev_has_mgmtcipher(vdev,
 					(1 << WLAN_CRYPTO_CIPHER_AES_GMAC) |
 					(1 << WLAN_CRYPTO_CIPHER_AES_GMAC_256) |
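Review bot: The new `rsn_caps < 0` check can never fire, because the assignment above it still casts the return value to `(uint16_t)` before storing it in the now-`int32_t` rsn_caps. A negative error code is truncated to a value in 0..65535, so it would be carried forward as if it were RSN capability bits (the later use is outside the hunk). Drop the cast, as this commit already does in lim_get_vdev_rmf_capable: `rsn_caps = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_RSN_CAP);`. The function body starts and ends outside this hunk.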
@@ -17467,6 +17484,11 @@ csr_rso_command_fill_11w_params(struct mac_context *mac_ctx,
 	network_cfg->mfp_enabled = peer_rmf_capable;
 
 	keymgmt = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER);
+	if (keymgmt < 0) {
+		sme_err("Invalid mgmt cipher");
+		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+		return;
+	}
 
 	if (keymgmt & (1 << WLAN_CRYPTO_CIPHER_AES_CMAC)) {
 		group_mgmt_cipher = eSIR_ED_AES_128_CMAC;
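Review bot: The `keymgmt < 0` return exits after `network_cfg->mfp_enabled` has been written but before the group management cipher is chosen, and because the function returns void the caller cannot tell that the 11w parameters are incomplete. The same silent-failure pattern applies to the new returns in csr_rso_command_fill_rsn_caps (`*rsn_caps` is never written) and wma_get_peer_uc_cipher (`*uc_cipher` and `*cipher_cap` are never written). Whether the callers pre-initialise those outputs is not visible here. Either write a defined value on the error path, e.g. `*rsn_caps = 0;` before the return, or have these helpers return a QDF_STATUS so the caller can stop building the command. The function body starts and ends outside this hunk.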
@@ -17516,6 +17538,7 @@ csr_rso_command_fill_rsn_caps(struct mac_context *mac_ctx, uint8_t vdev_id,
 			      uint16_t *rsn_caps,
 			      tCsrRoamConnectedProfile *profile)
 {
+	int32_t ret_val;
 	struct wlan_objmgr_vdev *vdev;
 
 	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(mac_ctx->psoc, vdev_id,
@@ -17525,7 +17548,14 @@ csr_rso_command_fill_rsn_caps(struct mac_context *mac_ctx, uint8_t vdev_id,
 		return;
 	}
 
-	*rsn_caps = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_RSN_CAP);
+	ret_val = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_RSN_CAP);
+	if (ret_val < 0) {
+		sme_err("Invalid mgmt cipher");
+		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+		return;
+	}
+
+	*rsn_caps = ret_val;
 	csr_fill_pmf_caps(rsn_caps, profile);
 
 	wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
@@ -22841,7 +22871,7 @@ csr_check_and_set_sae_single_pmk_cap(struct mac_context *mac_ctx,
 	struct wlan_objmgr_vdev *vdev;
 	struct mlme_pmk_info *pmk_info;
 	tPmkidCacheInfo *pmkid_cache;
-	uint32_t keymgmt;
+	int32_t keymgmt;
 	bool val, lookup_success;
 
 	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(mac_ctx->psoc, vdev_id,
@@ -22852,6 +22882,11 @@ csr_check_and_set_sae_single_pmk_cap(struct mac_context *mac_ctx,
 	}
 
 	keymgmt = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_KEY_MGMT);
+	if (keymgmt < 0) {
+		mlme_err("Invalid mgmt cipher");
+		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+		return;
+	}
 
 	if (keymgmt & (1 << WLAN_CRYPTO_KEY_MGMT_SAE)) {
 		val = csr_is_sae_single_pmk_vsie_ap(session->pConnectBssDesc);

+ 9 - 2
core/sme/src/csr/csr_util.c

@@ -2846,6 +2846,7 @@ uint8_t csr_construct_rsn_ie(struct mac_context *mac, uint32_t sessionId,
 	uint8_t ie_len = 0;
 	tDot11fBeaconIEs *local_ap_ie = ap_ie;
 	uint16_t rsn_cap = 0, self_rsn_cap;
+	int32_t rsn_val;
 	struct wlan_crypto_pmksa pmksa, *pmksa_peer;
 	struct csr_roam_session *session = &mac->roam.roamSession[sessionId];
 
@@ -2867,8 +2868,14 @@ uint8_t csr_construct_rsn_ie(struct mac_context *mac, uint32_t sessionId,
 		return ie_len;
 	}
 
-	self_rsn_cap = (uint16_t)wlan_crypto_get_param(vdev,
-						   WLAN_CRYPTO_PARAM_RSN_CAP);
+	rsn_val = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_RSN_CAP);
+	if (rsn_val < 0) {
+		sme_err("Invalid mgmt cipher");
+		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+		return ie_len;
+	}
+	self_rsn_cap = (uint16_t)rsn_val;
+
 	/* If AP is capable then use self capability else set PMF as 0 */
 	if (rsn_cap & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED &&
 	    pProfile->MFPCapable) {

+ 6 - 1
core/wma/src/wma_scan_roam.c

@@ -2788,7 +2788,7 @@ static void wma_update_roamed_peer_unicast_cipher(tp_wma_handle wma,
 static void wma_get_peer_uc_cipher(tp_wma_handle wma, uint8_t *peer_mac,
 				   uint32_t *uc_cipher, uint32_t *cipher_cap)
 {
-	uint32_t cipher, cap;
+	int32_t cipher, cap;
 	struct wlan_objmgr_peer *peer;
 
 	if (!peer_mac) {
@@ -2809,6 +2809,11 @@ static void wma_get_peer_uc_cipher(tp_wma_handle wma, uint8_t *peer_mac,
 	cap = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_CIPHER_CAP);
 	wlan_objmgr_peer_release_ref(peer, WLAN_LEGACY_WMA_ID);
 
+	if (cipher < 0 || cap < 0) {
+		wma_err("Invalid mgmt cipher");
+		return;
+	}
+
 	if (uc_cipher)
 		*uc_cipher = cipher;
 	if (cipher_cap)