qcacld-3.0: Avoid Integer underflow in hdd_dns_make_name_query

In the function hdd_dns_make_name_query, the driver is performing a
validation check that includes the use of length of the received string
as an array index. As the length and string both are user controlled,
the user can send the length as zero. As the policy states that the
given attribute is NLA_BINARY, so there would be no validation check
that can ensure the correct input. Therefore in the case of a malformed
packet with null length string, it can cause a possible integer
underflow.

To avoid this vulnerability change the attribute type from NLA_BINARY to
NLA_NUL_STRING. This will cause all the checks to be performed at
validate_nla.

Change-Id: I0bb569b71a88a07745d364dad23cf1210af4212e
CRs-Fixed: 2409913

0 files changed, 0 insertions, 0 deletions