qcacld: wma: validate wma buffer allocation length

Validate if command id's sent to firmware are greater than 0x800 bytes. Change-Id: I0e5ef29e28d3f90599ee103879cd9a420a205a7a CRs-Fixed: 730271
author: Manikandaraja Venkatachalapathy <vmanikan@qca.qualcomm.com> 2014-09-25 15:37:36 -0700
committer: AnjaneeDevi Kapparapu <c_akappa@qti.qualcomm.com> 2014-09-29 19:40:17 +0530
commit: e5cec185eb7b2f6b495de5f551b9999bd770a45d (patch)
tree: 959bfccfe586072832f41104c4478e51f87be56f
parent: 94180b6c1fd19d21d41afb8b23fd148c6233c81f (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/CORE/SERVICES/WMI/wmi_unified.c b/CORE/SERVICES/WMI/wmi_unified.c
index f1a4a700670b..799074352e93 100644
--- a/CORE/SERVICES/WMI/wmi_unified.c
+++ b/CORE/SERVICES/WMI/wmi_unified.c
@@ -51,6 +51,7 @@
 #endif
 
 #define WMI_MIN_HEAD_ROOM 64
+#define WMI_MAX_LEN_BYTES 2048
 
 #ifdef WMI_INTERFACE_EVENT_LOGGING
 /* WMI commands */
@@ -122,6 +123,11 @@ wmi_buf_alloc(wmi_unified_t wmi_handle, u_int16_t len)
 {
 	wmi_buf_t wmi_buf;
 
+	if (roundup(len + WMI_MIN_HEAD_ROOM, 4) >
+				WMI_MAX_LEN_BYTES) {
+		VOS_ASSERT(0);
+		return NULL;
+	}
 	wmi_buf = adf_nbuf_alloc(NULL, roundup(len + WMI_MIN_HEAD_ROOM, 4),
 				 WMI_MIN_HEAD_ROOM, 4, FALSE);
 	if (!wmi_buf)
author	Manikandaraja Venkatachalapathy <vmanikan@qca.qualcomm.com>	2014-09-25 15:37:36 -0700
committer	AnjaneeDevi Kapparapu <c_akappa@qti.qualcomm.com>	2014-09-29 19:40:17 +0530
commit	e5cec185eb7b2f6b495de5f551b9999bd770a45d (patch)
tree	959bfccfe586072832f41104c4478e51f87be56f
parent	94180b6c1fd19d21d41afb8b23fd148c6233c81f (diff)