diff options
| author | Mark Salyzyn <salyzyn@google.com> | 2016-04-07 09:27:01 -0700 |
|---|---|---|
| committer | Nick Desaulniers <ndesaulniers@google.com> | 2016-04-15 11:17:46 -0700 |
| commit | f7da58ec0a0f73cfd5e78c3944cc7fd7e9e589d1 (patch) | |
| tree | 59e42f4fc0a81a3781c281857f28b42fff80a444 | |
| parent | c80eb91c4f62edc00cb868987cf9b7e82d08fbc8 (diff) | |
| download | x86_64-f7da58ec0a0f73cfd5e78c3944cc7fd7e9e589d1.tar.gz | |
net: wireless: bcmdhd: Verify SSID length (part deux)android-6.0.1_r0.82
Ensure SSID length is checked unsigned maximum
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 26571522
Bug: 27241903
Change-Id: I6cf37634e3a21eac6a90049a2dcc2912345f77f9
| -rw-r--r-- | drivers/net/wireless/bcmdhd/wl_cfg80211.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/drivers/net/wireless/bcmdhd/wl_cfg80211.c b/drivers/net/wireless/bcmdhd/wl_cfg80211.c index 5386f6dbefd4..37a84797ada7 100644 --- a/drivers/net/wireless/bcmdhd/wl_cfg80211.c +++ b/drivers/net/wireless/bcmdhd/wl_cfg80211.c @@ -2041,7 +2041,8 @@ static void wl_scan_prep(struct wl_scan_params *params, struct cfg80211_scan_req for (i = 0; i < n_ssids; i++) { memset(&ssid, 0, sizeof(wlc_ssid_t)); - ssid.SSID_len = MIN((int)request->ssids[i].ssid_len, DOT11_MAX_SSID_LEN); + ssid.SSID_len = MIN(request->ssids[i].ssid_len, + DOT11_MAX_SSID_LEN); memcpy(ssid.SSID, request->ssids[i].ssid, ssid.SSID_len); if (!ssid.SSID_len) WL_SCAN(("%d: Broadcast scan\n", i)); @@ -7219,14 +7220,17 @@ wl_cfg80211_add_set_beacon(struct wiphy *wiphy, struct net_device *dev, if (dev_role == NL80211_IFTYPE_AP) { /* Store the hostapd SSID */ memset(&cfg->hostapd_ssid.SSID[0], 0x00, DOT11_MAX_SSID_LEN); - cfg->hostapd_ssid.SSID_len = MIN((int)ssid_ie->len, DOT11_MAX_SSID_LEN); + cfg->hostapd_ssid.SSID_len = MIN(ssid_ie->len, + DOT11_MAX_SSID_LEN); memcpy(&cfg->hostapd_ssid.SSID[0], ssid_ie->data, cfg->hostapd_ssid.SSID_len); } else { /* P2P GO */ memset(&cfg->p2p->ssid.SSID[0], 0x00, DOT11_MAX_SSID_LEN); - cfg->p2p->ssid.SSID_len = MIN((int)ssid_ie->len, DOT11_MAX_SSID_LEN); - memcpy(cfg->p2p->ssid.SSID, ssid_ie->data, cfg->p2p->ssid.SSID_len); + cfg->p2p->ssid.SSID_len = MIN(ssid_ie->len, + DOT11_MAX_SSID_LEN); + memcpy(cfg->p2p->ssid.SSID, ssid_ie->data, + cfg->p2p->ssid.SSID_len); } } @@ -11643,7 +11647,8 @@ wl_update_prof(struct bcm_cfg80211 *cfg, struct net_device *ndev, ssid = (wlc_ssid_t *) data; memset(profile->ssid.SSID, 0, sizeof(profile->ssid.SSID)); - profile->ssid.SSID_len = MIN(ssid->SSID_len, (uint32)DOT11_MAX_SSID_LEN); + profile->ssid.SSID_len = MIN(ssid->SSID_len, + DOT11_MAX_SSID_LEN); memcpy(profile->ssid.SSID, ssid->SSID, profile->ssid.SSID_len); break; case WL_PROF_BSSID: @@ -11727,7 +11732,7 @@ static __used s32 wl_add_ie(struct bcm_cfg80211 *cfg, u8 t, u8 l, u8 *v) static void wl_update_hidden_ap_ie(struct wl_bss_info *bi, u8 *ie_stream, u32 *ie_size, bool roam) { u8 *ssidie; - int32 ssid_len = MIN((int)bi->SSID_len, DOT11_MAX_SSID_LEN); + int32 ssid_len = MIN(bi->SSID_len, DOT11_MAX_SSID_LEN); int32 remaining_ie_buf_len, available_buffer_len; ssidie = (u8 *)cfg80211_find_ie(WLAN_EID_SSID, ie_stream, *ie_size); |