commit 6f9714577ebc68c127132fefbee23ebbce54d6a2
author Wilson Yang <c_yangw@qca.qualcomm.com> Tue Oct 08 15:00:00 2013 -0700
committer Madan Mohan Koyyalamudi <mkoyyala@qca.qualcomm.com> Mon Oct 21 22:52:02 2013 -0700
tree a45f41d39bc2dc77521bdbd821a98a71dbc19047
parent 3fc2664dd8f6df1e676ea4d5c8794be0fc7f2c5f

DroidSec: Check sscanf returns in function iw_set_power_params

Return values from the two sscanf calls in this function must
be checked to confirm that parameters were parsed correctly before
proceeding to use them.

Change-Id: Ifbdb7d2366a580d081dc5173fc2c0eb2aa889d42
CRs-fixed: 554545

CORE/HDD/src/wlan_hdd_wext.c

diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index 4d3123c..820bfcf 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c
@@ -6880,7 +6880,12 @@
 
   while ( uTotalSize )
   {
-    sscanf(ptr,"%hhu %n", &(ucType), &nOffset);
+    if (1 != sscanf(ptr,"%hhu %n", &(ucType), &nOffset))
+    {
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  "Invalid input parameter type %s",ptr);
+         return VOS_STATUS_E_FAILURE;
+    }
 
     uTotalSize -= nOffset;
 
@@ -6893,7 +6898,13 @@
     }
 
     ptr += nOffset;
-    sscanf(ptr,"%lu %n", &(uValue), &nOffset);
+
+    if (1 != sscanf(ptr,"%lu %n", &(uValue), &nOffset))
+    {
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  "Invalid input parameter value %s",ptr);
+         return VOS_STATUS_E_FAILURE;
+    }
 
     VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO,
               "Power request parameter %d value %d offset %d",