From c3fd2a0d86003c0958a71c0b581277a3c6e707b7 Mon Sep 17 00:00:00 2001
From: Jeff Johnson
Date: Mon, 7 May 2018 17:55:20 -0700
Subject: [PATCH] qcacmn: Fix NDP Config QoS policy

The qca_wlan_vendor_ndp_policy for the attribute QCA_WLAN_VENDOR_ATTR_NDP_CONFIG_QOS currently specifies type NLA_BINARY with a maximum length of NDP_QOS_INFO_LEN (255). However this attribute is defined to be an unsigned 32 bit value, and nla_get_u32() is used to read the value, so change the policy to use type NLA_U32 so that nla_parse() can properly verify that the TLV payload has (at least) 4 bytes of data.
Change-Id: Iee5b620ef199b731fc6a449d0055db328430921b
CRs-Fixed: 2237660
---
 src/os_if_nan.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/os_if_nan.c b/src/os_if_nan.c
index f395725711..f9a35beb73 100644
--- a/src/os_if_nan.c
+++ b/src/os_if_nan.c
@@ -67,8 +67,8 @@ vendor_attr_policy[QCA_WLAN_VENDOR_ATTR_NDP_PARAMS_MAX + 1] = {
 .len = sizeof(uint16_t)
 },
 [QCA_WLAN_VENDOR_ATTR_NDP_CONFIG_QOS] = {
- .type = NLA_BINARY,
- .len = NDP_QOS_INFO_LEN
+ .type = NLA_U32,
+ .len = sizeof(uint32_t)
 },
 [QCA_WLAN_VENDOR_ATTR_NDP_APP_INFO] = {
 .type = NLA_BINARY,
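Review bot: The new `QCA_WLAN_VENDOR_ATTR_NDP_CONFIG_QOS` entry has no comment tying the policy type to the accessor that consumes it, which is the mismatch this fix had to correct; a one-line comment above the entry such as `/* u32, read with nla_get_u32(); policy type must match the getter width */` would keep the two in step. With `NLA_U32` the type already gives nla_parse() the 4-byte minimum, so `.len = sizeof(uint32_t)` only restates it, although it does match the `sizeof(uint16_t)` entry just above. `NDP_QOS_INFO_LEN` may now be unused and could then be dropped in the same change; that cannot be confirmed from this hunk. The `vendor_attr_policy` initializer begins and ends outside the hunk, so the remaining entries, including the `NLA_BINARY` one for `QCA_WLAN_VENDOR_ATTR_NDP_APP_INFO` whose `.len` is cut off here, deserve the same type-versus-getter check.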