qcacld-2.0: Fix buffer over read in iwpriv WE_UNIT_TEST_CMD command

In current driver, WE_UNIT_TEST_CMD has below problem.
- apps_arg[1] can have zero value and can lead to
  buffer overead

Change the code to handle the number of args if user has
given zero.

CRs-Fixed: 1029540
Change-Id: Idc8e1d77d9623daeb98d0c4b7ad8a8d6cfa9c2d2

1 files changed, 2 insertions, 3 deletions

diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index fd738dac6bce..33d4dfdead53 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c
@@ -9072,7 +9072,7 @@ static int __iw_set_var_ints_getnone(struct net_device *dev,
                 }
                 if ((apps_args[1] > (WMA_MAX_NUM_ARGS)) ||
                     (apps_args[1] < 0)) {
-                    hddLog(LOGE, FL("Too Many args %d"), apps_args[1]);
+                    hddLog(LOGE, FL("Too Many/Few args %d"), apps_args[1]);
                     return -EINVAL;
                 }
                 unitTestArgs = vos_mem_malloc(sizeof(*unitTestArgs));
@@ -9084,8 +9084,7 @@ static int __iw_set_var_ints_getnone(struct net_device *dev,
                 unitTestArgs->vdev_id            = (int)pAdapter->sessionId;
                 unitTestArgs->module_id          = apps_args[0];
                 unitTestArgs->num_args           = apps_args[1];
-                for (i = 0, j = 2; i < unitTestArgs->num_args - 1;
-                     i++, j++) {
+                for (i = 0, j = 2; i < unitTestArgs->num_args; i++, j++) {
                     unitTestArgs->args[i] = apps_args[j];
                 }
                 msg.type = SIR_HAL_UNIT_TEST_CMD;