
Commit 678bee34 authored by Rajeev Kumar Sirasanagandla's avatar Rajeev Kumar Sirasanagandla Committed by nshrivas

qcacld-3.0: Avoid info leak in spectral scan handler

In __spectral_scan_msg_handler(), the payload section of the input data is
type-cast to the driver-internal structure spectral_scan_msg without
validating the payload length, which can lead to a kernel info leak
if the payload length is less than the size of spectral_scan_msg.

To fix this, avoid type-cast and return error if payload length is
less than size of spectral_scan_msg.

Change-Id: Ie7e74cc2cdcf8136582e81ffc3a088fd5a881dc9
CRs-Fixed: 2468493
parent e195e362
+12 −2
/*
 * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
 * Copyright (c) 2017-2019 The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
@@ -391,7 +391,7 @@ static void __spectral_scan_msg_handler(const void *data, int data_len,
					void *ctx, int pid)
{
	struct spectral_scan_msg *ss_msg = NULL;
	struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_MAX + 1];
	struct nlattr *tb[CLD80211_ATTR_MAX + 1];
	hdd_context_t *hdd_ctx;
	int ret;

@@ -400,6 +400,10 @@ static void __spectral_scan_msg_handler(const void *data, int data_len,
	if (0 != ret)
		return;

	/*
	 * audit note: it is ok to pass a NULL policy here since only
	 * one attribute is parsed and it is explicitly validated
	 */
	if (hdd_nla_parse(tb, CLD80211_ATTR_MAX, data, data_len, NULL)) {
		hdd_err("nla parse fails");
		return;
@@ -409,6 +413,12 @@ static void __spectral_scan_msg_handler(const void *data, int data_len,
		hdd_err("attr VENDOR_DATA fails");
		return;
	}

	if (nla_len(tb[CLD80211_ATTR_DATA]) < sizeof(*ss_msg)) {
		hdd_err("Invalid length for ATTR_DATA");
		return;
	}

	ss_msg = (struct spectral_scan_msg *)nla_data(tb[CLD80211_ATTR_DATA]);

	if (!ss_msg) {
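Review bot: The new `nla_len(tb[CLD80211_ATTR_DATA]) < sizeof(*ss_msg)` guard logs only a fixed string, so a truncated or malformed message from userspace is indistinguishable in the log from any other short payload; including the observed and required lengths makes the drop diagnosable, e.g. `hdd_err("Invalid length %d for ATTR_DATA, need %zu", nla_len(tb[CLD80211_ATTR_DATA]), sizeof(*ss_msg));`. nla_len() returns int while sizeof yields size_t, so the comparison is mixed-sign; it looks safe because hdd_nla_parse() has already validated the attribute header, but casting the left side to size_t keeps it clean under -Wsign-compare. The cast on the following line is unchanged, so the fix is a minimum-length check placed before the cast rather than removal of the cast as the description might suggest; a one-line comment such as `/* payload must cover the whole struct, otherwise the fields below would read past the attribute */` above the check would record that reason next to the code. __spectral_scan_msg_handler() continues past the end of the hunk.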