wlan: Fix out of bound read issue in get link properties
Propagation from qcacld-2.0 to prima.
Length of the MAC address is not checked which may cause out of bound
read issue.
To resolve this add a check for MAC address length.
CRs-Fixed: 2065209
Change-Id: I58454b84c28b157cef35984d612a9bc6fdd9ec56
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 1d44d6e..3d07abd 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -6539,7 +6539,8 @@
static const struct
nla_policy
qca_wlan_vendor_attr_policy[QCA_WLAN_VENDOR_ATTR_MAX+1] = {
- [QCA_WLAN_VENDOR_ATTR_MAC_ADDR] = { .type = NLA_UNSPEC },
+ [QCA_WLAN_VENDOR_ATTR_MAC_ADDR] =
+ { .type = NLA_BINARY, .len = VOS_MAC_ADDR_SIZE },
};
/**
@@ -6593,6 +6594,13 @@
return -EINVAL;
}
+ if (nla_len(tb[QCA_WLAN_VENDOR_ATTR_MAC_ADDR]) < sizeof(peer_mac)) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ FL("Attribute peerMac is invalid=%d"),
+ adapter->device_mode);
+ return -EINVAL;
+ }
+
memcpy(peer_mac, nla_data(tb[QCA_WLAN_VENDOR_ATTR_MAC_ADDR]),
sizeof(peer_mac));
hddLog(VOS_TRACE_LEVEL_INFO,