samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Garpu 0
Kode Masalah Tarik Permintaan Actions Packages Projects Rilis Wiki Kegiatan

qcacld-3.0: use nla_total_size() to determine the size for attribute

Telusuri Sumber 
The length calculations in __wlan_hdd_cfg80211_get_wifi_info() are
not accounting for netlink attribute padding.
To fix it, use nla_total_size() to determine the size for attribute.

Change-Id: Ia6a632d32c59af0fac30f19e38f23b2955a0f8f6
CRs-Fixed: 3345051
This commit is contained in:
Yu Wang
2022-11-24 11:46:18 +08:00
committed by Madan Koyyalamudi
orang tua 05d882b848
melakukan cc42389ad0
1 mengubah file dengan 7 tambahan dan 11 penghapusan
Download Patch File Download Diff File Expand all files Collapse all files

18
core/hdd/src/wlan_hdd_cfg80211.c
Melihat File

@@ -7276,7 +7276,7 @@ __wlan_hdd_cfg80211_get_wifi_info(struct wiphy *wiphy,
uint8_t *firmware_version = NULL; uint8_t *firmware_version = NULL;
int status; int status;
struct sk_buff *reply_skb; struct sk_buff *reply_skb;
uint32_t skb_len = 0, count = 0; uint32_t skb_len = 0;
struct pld_soc_info info; struct pld_soc_info info;
bool stt_flag = false; bool stt_flag = false;
@@ -7301,8 +7301,7 @@ __wlan_hdd_cfg80211_get_wifi_info(struct wiphy *wiphy,
if (tb_vendor[QCA_WLAN_VENDOR_ATTR_WIFI_INFO_DRIVER_VERSION]) { if (tb_vendor[QCA_WLAN_VENDOR_ATTR_WIFI_INFO_DRIVER_VERSION]) {
hdd_debug("Rcvd req for Driver version"); hdd_debug("Rcvd req for Driver version");
skb_len += strlen(QWLAN_VERSIONSTR) + 1; skb_len += nla_total_size(strlen(QWLAN_VERSIONSTR) + 1);
count++;
} }
if (tb_vendor[QCA_WLAN_VENDOR_ATTR_WIFI_INFO_FIRMWARE_VERSION]) { if (tb_vendor[QCA_WLAN_VENDOR_ATTR_WIFI_INFO_FIRMWARE_VERSION]) {
@@ -7324,25 +7323,22 @@ __wlan_hdd_cfg80211_get_wifi_info(struct wiphy *wiphy,
hdd_ctx->fw_version_info.sub_id, hdd_ctx->fw_version_info.sub_id,
hdd_ctx->target_hw_name, hdd_ctx->target_hw_name,
(stt_flag ? info.fw_build_id : " ")); (stt_flag ? info.fw_build_id : " "));
skb_len += strlen(firmware_version) + 1; skb_len += nla_total_size(strlen(firmware_version) + 1);
count++;
} }
if (tb_vendor[QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX]) { if (tb_vendor[QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX]) {
hdd_debug("Rcvd req for Radio index"); hdd_debug("Rcvd req for Radio index");
skb_len += sizeof(uint32_t); skb_len += nla_total_size(sizeof(uint32_t));
count++;
} }
if (count == 0) { if (!skb_len) {
hdd_err("unknown attribute in get_wifi_info request"); hdd_err("unknown attribute in get_wifi_info request");
qdf_mem_free(firmware_version); qdf_mem_free(firmware_version);
return -EINVAL; return -EINVAL;
} }
skb_len += (NLA_HDRLEN * count) + NLMSG_HDRLEN; skb_len += NLMSG_HDRLEN;
reply_skb = cfg80211_vendor_cmd_alloc_reply_skb(wiphy, skb_len); reply_skb = wlan_cfg80211_vendor_cmd_alloc_reply_skb(wiphy, skb_len);
if (!reply_skb) { if (!reply_skb) {
hdd_err("cfg80211_vendor_cmd_alloc_reply_skb failed"); hdd_err("cfg80211_vendor_cmd_alloc_reply_skb failed");
qdf_mem_free(firmware_version); qdf_mem_free(firmware_version);