Merge tag 'LA.UM.8.1.r1-14500-sm8150.0' of https://source.codeaurora.org/quic/la/platform/hardware/qcom/wlan into lineage-17.1
"LA.UM.8.1.r1-14500-sm8150.0"
Change-Id: I294edb29a68e8b5c1f4f727bb3eab2dd857d8579
diff --git a/qcwcn/wifi_hal/wifi_hal.cpp b/qcwcn/wifi_hal/wifi_hal.cpp
index 8e6157b..4207f4d 100644
--- a/qcwcn/wifi_hal/wifi_hal.cpp
+++ b/qcwcn/wifi_hal/wifi_hal.cpp
@@ -1138,6 +1138,12 @@
goto nl_out;
}
+ if (ctrl_msg->data_len > nlmsg_get_max_size(msg))
+ {
+ ALOGE("%s: Invalid ctrl msg length \n", __FUNCTION__);
+ retval = -1;
+ goto nl_out;
+ }
memcpy((char *)msg->nm_nlh, (char *)ctrl_msg->data, ctrl_msg->data_len);
if(ctrl_msg->family_name == GENERIC_NL_FAMILY)
@@ -1306,6 +1312,12 @@
if(attach)
{
+ if (ctrl_msg->monsock_len > sizeof(struct sockaddr_un))
+ {
+ ALOGE("%s: Invalid monitor socket length \n", __FUNCTION__);
+ return -3;
+ }
+
nreg = (wifihal_mon_sock_t *)malloc(sizeof(*reg) + match_len);
if (!nreg)
return -1;
diff --git a/qcwcn/wpa_supplicant_8_lib/driver_cmd_nl80211_extn.c b/qcwcn/wpa_supplicant_8_lib/driver_cmd_nl80211_extn.c
index b6136ce..4bc4dc8 100644
--- a/qcwcn/wpa_supplicant_8_lib/driver_cmd_nl80211_extn.c
+++ b/qcwcn/wpa_supplicant_8_lib/driver_cmd_nl80211_extn.c
@@ -30,8 +30,8 @@
#include <netlink/object-api.h>
#include <linux/pkt_sched.h>
#include <dlfcn.h>
-#include "driver_cmd_nl80211_extn.h"
#include "common.h"
+#include "driver_cmd_nl80211_extn.h"
int wpa_driver_oem_initialize(wpa_driver_oem_cb_table_t *oem_cb_table)