Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6f971457 authored by Wilson Yang's avatar Wilson Yang Committed by Madan Mohan Koyyalamudi
Browse files

DroidSec: Check sscanf returns in function iw_set_power_params 

Return values from the two sscanf calls in this function must
be checked to confirm that parameters were parsed correctly before
proceeding to use them.

Change-Id: Ifbdb7d2366a580d081dc5173fc2c0eb2aa889d42
CRs-fixed: 554545
parent 3fc2664d

CORE/HDD/src/wlan_hdd_wext.c

+13 −2
Original line number Diff line number Diff line
@@ -6880,7 +6880,12 @@ VOS_STATUS iw_set_power_params(struct net_device *dev, struct iw_request_info *i 


  while ( uTotalSize )

  {

    sscanf(ptr,"%hhu %n", &(ucType), &nOffset);

    if (1 != sscanf(ptr,"%hhu %n", &(ucType), &nOffset))

    {

        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,

                  "Invalid input parameter type %s",ptr);

         return VOS_STATUS_E_FAILURE;

    }



    uTotalSize -= nOffset;
@@ -6893,7 +6898,13 @@ VOS_STATUS iw_set_power_params(struct net_device *dev, struct iw_request_info *i 
    }



    ptr += nOffset;

    sscanf(ptr,"%lu %n", &(uValue), &nOffset);



    if (1 != sscanf(ptr,"%lu %n", &(uValue), &nOffset))

    {

        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,

                  "Invalid input parameter value %s",ptr);

         return VOS_STATUS_E_FAILURE;

    }



    VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO,

              "Power request parameter %d value %d offset %d",