commit 3db3877f07b24863c7d97e6f1994d2e47f52c791
author SaidiReddy Yenuga <saidir@codeaurora.org> Tue Mar 28 15:18:56 2017 +0530
committer snandini <snandini@codeaurora.org> Mon Jul 31 07:14:19 2017 -0700
tree b6a43bec52ed21f77375d3bac4351cdd869f59f0
parent 32fa740c8580206521a1ff31ba1057e37146c27f

qcacld-3.0: Validate NLA attr in wlan_hdd_cfg80211_ocb_set_config API

NLA attributes QCA_WLAN_VENDOR_ATTR_OCB_SET_CONFIG_NDL_CHANNEL_ARRAY,
QCA_WLAN_VENDOR_ATTR_OCB_SET_CONFIG_NDL_ACTIVE_STATE_ARRAY,
QCA_WLAN_VENDOR_ATTR_OCB_SET_CONFIG_CHANNEL_ARRAY used without
validation.

validate NLA attributes.

CRs-Fixed: 2025619
Change-Id: Ib5aae0d89b06913ec57ce446a2bd8925d125dfea

core/hdd/src/wlan_hdd_ocb.c

diff --git a/core/hdd/src/wlan_hdd_ocb.c b/core/hdd/src/wlan_hdd_ocb.c
index 4a85c2b..eb58b8e 100644
--- a/core/hdd/src/wlan_hdd_ocb.c
+++ b/core/hdd/src/wlan_hdd_ocb.c
@@ -824,10 +824,18 @@
 		tb[QCA_WLAN_VENDOR_ATTR_OCB_SET_CONFIG_SCHEDULE_SIZE]);
 
 	/* Get the ndl chan array and the ndl active state array. */
+	if (!tb[QCA_WLAN_VENDOR_ATTR_OCB_SET_CONFIG_NDL_CHANNEL_ARRAY]) {
+		hdd_err("NDL_CHANNEL_ARRAY is not present");
+		return -EINVAL;
+	}
 	ndl_chan_list =
 		tb[QCA_WLAN_VENDOR_ATTR_OCB_SET_CONFIG_NDL_CHANNEL_ARRAY];
 	ndl_chan_list_len = (ndl_chan_list ? nla_len(ndl_chan_list) : 0);
 
+	if (!tb[QCA_WLAN_VENDOR_ATTR_OCB_SET_CONFIG_NDL_ACTIVE_STATE_ARRAY]) {
+		hdd_err("NDL_ACTIVE_STATE_ARRAY is not present");
+		return -EINVAL;
+	}
 	ndl_active_state_list =
 		tb[QCA_WLAN_VENDOR_ATTR_OCB_SET_CONFIG_NDL_ACTIVE_STATE_ARRAY];
 	ndl_active_state_list_len = (ndl_active_state_list ?
@@ -851,6 +859,10 @@
 	config->flags = flags;
 
 	/* Read the channel array */
+	if (!tb[QCA_WLAN_VENDOR_ATTR_OCB_SET_CONFIG_CHANNEL_ARRAY]) {
+		hdd_err("CHANNEL_ARRAY is not present");
+		return -EINVAL;
+	}
 	channel_array = tb[QCA_WLAN_VENDOR_ATTR_OCB_SET_CONFIG_CHANNEL_ARRAY];
 	if (!channel_array) {
 		hdd_err("No channel present");