qcacld-3.0: Properly validate the band in vendor scan command
Currently in __wlan_hdd_cfg80211_vendor_scan() the band parsed from
the QCA_WLAN_VENDOR_ATTR_SCAN_SUPP_RATES is not sufficiently validated
before being used. Validate the actual value before attempting to use
it as an index.
Change-Id: I0db43ab8e73e20c8cb60a75a521a934967615023
CRs-Fixed: 1085099
diff --git a/core/hdd/src/wlan_hdd_scan.c b/core/hdd/src/wlan_hdd_scan.c
index f955421..f74c58f 100644
--- a/core/hdd/src/wlan_hdd_scan.c
+++ b/core/hdd/src/wlan_hdd_scan.c
@@ -2038,14 +2038,17 @@
if (tb[QCA_WLAN_VENDOR_ATTR_SCAN_SUPP_RATES]) {
nla_for_each_nested(attr,
- tb[QCA_WLAN_VENDOR_ATTR_SCAN_SUPP_RATES],
- tmp) {
+ tb[QCA_WLAN_VENDOR_ATTR_SCAN_SUPP_RATES],
+ tmp) {
band = nla_type(attr);
+ if (band >= NUM_NL80211_BANDS)
+ continue;
if (!wiphy->bands[band])
continue;
- request->rates[band] = wlan_hdd_get_rates(wiphy,
- band, nla_data(attr),
- nla_len(attr));
+ request->rates[band] =
+ wlan_hdd_get_rates(wiphy,
+ band, nla_data(attr),
+ nla_len(attr));
}
}
@@ -2053,7 +2056,7 @@
request->flags =
nla_get_u32(tb[QCA_WLAN_VENDOR_ATTR_SCAN_FLAGS]);
if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
- !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
+ !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
hdd_err("LOW PRIORITY SCAN not supported");
goto error;
}