-rw-r--r--CORE/HDD/src/wlan_hdd_assoc.c11
-rw-r--r--CORE/HDD/src/wlan_hdd_cfg80211.c22
-rw-r--r--CORE/HDD/src/wlan_hdd_hostapd.c27
-rw-r--r--CORE/HDD/src/wlan_hdd_scan.c13
-rw-r--r--CORE/MAC/src/pe/lim/limSmeReqUtils.c38
-rw-r--r--CORE/SYS/legacy/src/utils/src/parserApi.c10
6 files changed, 103 insertions, 18 deletions
diff --git a/CORE/HDD/src/wlan_hdd_assoc.c b/CORE/HDD/src/wlan_hdd_assoc.c
index 75fc255bc775..43572b7c291a 100644
--- a/CORE/HDD/src/wlan_hdd_assoc.c
+++ b/CORE/HDD/src/wlan_hdd_assoc.c
@@ -5270,10 +5270,19 @@ static tANI_S32 hdd_ProcessGENIE(hdd_adapter_t *pAdapter,
pRsnIe = gen_ie + 2 + 4;
RSNIeLen = gen_ie_len - (2 + 4);
// Unpack the WPA IE
- dot11fUnpackIeWPA((tpAniSirGlobal) halHandle,
+ status = dot11fUnpackIeWPA((tpAniSirGlobal) halHandle,
pRsnIe,
RSNIeLen,
&dot11WPAIE);
+
+ if (DOT11F_FAILED(status))
+ {
+ hddLog(LOGE,
+ FL("Parse failure in hdd_ProcessGENIE (0x%08x)"),
+ status);
+ return -EINVAL;
+ }
+
// Copy out the encryption and authentication types
hddLog(LOG1, FL("%s: WPA unicast cipher suite count: %d"),
__func__, dot11WPAIE.unicast_cipher_count );
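Review bot: `RSNIeLen = gen_ie_len - (2 + 4)` is computed with no lower-bound test visible in this hunk, so the added status check only reports a failure after the parser has already been handed that length. If gen_ie_len can be below 6 at this point, the subtraction wraps or goes negative depending on the type of RSNIeLen. A guard ahead of it, such as `if (gen_ie_len < 2 + 4) return -EINVAL;`, would close that, unless the part of hdd_ProcessGENIE outside the hunk already rejects short elements. The same subtraction of the OUI bytes without a visible bound appears in the hunks for wlan_hdd_cfg80211_set_privacy_ibss (`ie[1] - 4`), hdd_softap_unpackIE, limSetRSNieWPAiefromSmeStartBSSReqMessage (`rsnIEdata[1] - 4`) and PopulateDot11fAssocResWscIE (`wscIe[ 1 ] - 4`).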
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 395fb6ccfaf0..cf0ce9d1fe82 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -16541,13 +16541,22 @@ static bool wlan_hdd_get_sap_obss(hdd_adapter_t *pHostapdAdapter)
hdd_context_t *hdd_ctx = WLAN_HDD_GET_CTX(pHostapdAdapter);
beacon_data_t *beacon = pHostapdAdapter->sessionCtx.ap.beacon;
uint8_t *ie = NULL;
+ uint32_t status;
ie = wlan_hdd_cfg80211_get_ie_ptr(beacon->tail, beacon->tail_len,
WLAN_EID_HT_CAPABILITY);
if (ie && ie[1]) {
vos_mem_copy(ht_cap_ie, &ie[2], DOT11F_IE_HTCAPS_MAX_LEN);
- dot11fUnpackIeHTCaps((tpAniSirGlobal)hdd_ctx->hHal, ht_cap_ie, ie[1],
+ status = dot11fUnpackIeHTCaps((tpAniSirGlobal)hdd_ctx->hHal, ht_cap_ie, ie[1],
&dot11_ht_cap_ie);
+ if (DOT11F_FAILED(status))
+ {
+ hddLog(LOGE,
+ FL("unpack failed for HT Caps status:(0x%08x)"),
+ status);
+ return false;
+ }
+
return dot11_ht_cap_ie.supportedChannelWidthSet;
}
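Review bot: `vos_mem_copy(ht_cap_ie, &ie[2], DOT11F_IE_HTCAPS_MAX_LEN)` always copies the maximum length while the unpack after it is given `ie[1]`, and nothing in this hunk compares the two. A shorter HT Capabilities element makes the copy read beyond that element, and beyond the beacon tail if the element is the last one. An `ie[1]` above the maximum makes the parser read past ht_cap_ie, assuming that buffer is sized to DOT11F_IE_HTCAPS_MAX_LEN (its declaration is outside the hunk). Bounding both would fix it: `if (ie && ie[1] && ie[1] <= DOT11F_IE_HTCAPS_MAX_LEN) {` followed by `vos_mem_copy(ht_cap_ie, &ie[2], ie[1]);`. The added status check does not cover this, because the copy runs before the parser is called.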
@@ -24620,6 +24629,7 @@ static int wlan_hdd_cfg80211_set_privacy_ibss(
)
{
int status = 0;
+ tANI_U32 ret;
hdd_wext_state_t *pWextState = WLAN_HDD_GET_WEXT_STATE_PTR(pAdapter);
eCsrEncryptionType encryptionType = eCSR_ENCRYPT_TYPE_NONE;
hdd_station_ctx_t *pHddStaCtx = WLAN_HDD_GET_STATION_CTX_PTR(pAdapter);
@@ -24658,10 +24668,18 @@ static int wlan_hdd_cfg80211_set_privacy_ibss(
}
// Unpack the WPA IE
//Skip past the EID byte and length byte - and four byte WiFi OUI
- dot11fUnpackIeWPA((tpAniSirGlobal) halHandle,
+ ret = dot11fUnpackIeWPA((tpAniSirGlobal) halHandle,
&ie[2+4],
ie[1] - 4,
&dot11WPAIE);
+ if (DOT11F_FAILED(ret))
+ {
+ hddLog(LOGE,
+ FL("unpack failed status:(0x%08x)"),
+ ret);
+ return -EINVAL;
+ }
+
/*Extract the multicast cipher, the encType for unicast
cipher for wpa-none is none*/
encryptionType =
diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c
index 2df005d105ab..788e93ece439 100644
--- a/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/CORE/HDD/src/wlan_hdd_hostapd.c
@@ -3225,17 +3225,18 @@ int hdd_softap_unpackIE(
tANI_U8 *pRsnIe;
tANI_U16 RSNIeLen;
+ tANI_U32 status;
if (NULL == halHandle)
{
hddLog(LOGE, FL("Error haHandle returned NULL"));
- return -EINVAL;
+ return VOS_STATUS_E_FAILURE;
}
// Validity checks
if ((gen_ie_len < VOS_MIN(DOT11F_IE_RSN_MIN_LEN, DOT11F_IE_WPA_MIN_LEN)) ||
(gen_ie_len > VOS_MAX(DOT11F_IE_RSN_MAX_LEN, DOT11F_IE_WPA_MAX_LEN)) )
- return -EINVAL;
+ return VOS_STATUS_E_FAILURE;
// Type check
if ( gen_ie[0] == DOT11F_EID_RSN)
{
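Review bot: The two early exits now return `VOS_STATUS_E_FAILURE` from a function still declared `int hdd_softap_unpackIE(`, where they used to return `-EINVAL`. The callers are not part of this diff; any caller that tests for a negative value would stop seeing these failures if the VOS status constant is positive, and would go on with unvalidated cipher settings. If every caller compares against the VOS success code instead, the declared return type should say so (a VOS status type rather than `int`). A short comment above the function stating the return convention would make that checkable. The function body continues outside this hunk.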
@@ -3250,10 +3251,18 @@ int hdd_softap_unpackIE(
RSNIeLen = gen_ie_len - 2;
// Unpack the RSN IE
memset(&dot11RSNIE, 0, sizeof(tDot11fIERSN));
- dot11fUnpackIeRSN((tpAniSirGlobal) halHandle,
+ status = dot11fUnpackIeRSN((tpAniSirGlobal) halHandle,
pRsnIe,
RSNIeLen,
&dot11RSNIE);
+ if (DOT11F_FAILED(status))
+ {
+ hddLog(LOGE,
+ FL("unpack failed for RSN IE status:(0x%08x)"),
+ status);
+ return VOS_STATUS_E_FAILURE;
+ }
+
// Copy out the encryption and authentication types
hddLog(LOG1, FL("%s: pairwise cipher suite count: %d"),
__func__, dot11RSNIE.pwise_cipher_suite_count );
@@ -3286,11 +3295,19 @@ int hdd_softap_unpackIE(
RSNIeLen = gen_ie_len - (2 + 4);
// Unpack the WPA IE
memset(&dot11WPAIE, 0, sizeof(tDot11fIEWPA));
- dot11fUnpackIeWPA((tpAniSirGlobal) halHandle,
+ status = dot11fUnpackIeWPA((tpAniSirGlobal) halHandle,
pRsnIe,
RSNIeLen,
&dot11WPAIE);
- // Copy out the encryption and authentication types
+ if (DOT11F_FAILED(status))
+ {
+ hddLog(LOGE,
+ FL("unpack failed for WPA IE status:(0x%08x)"),
+ status);
+ return VOS_STATUS_E_FAILURE;
+ }
+
+ // Copy out the encryption and authentication types
hddLog(LOG1, FL("%s: WPA unicast cipher suite count: %d"),
__func__, dot11WPAIE.unicast_cipher_count );
hddLog(LOG1, FL("%s: WPA authentication suite count: %d"),
diff --git a/CORE/HDD/src/wlan_hdd_scan.c b/CORE/HDD/src/wlan_hdd_scan.c
index 73630b9a2e5e..31b0433ac58c 100644
--- a/CORE/HDD/src/wlan_hdd_scan.c
+++ b/CORE/HDD/src/wlan_hdd_scan.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2017 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -211,6 +211,7 @@ static eHalStatus hdd_IndicateScanResult(hdd_scan_info_t *scanInfo, tCsrScanResu
int error;
char custom[MAX_CUSTOM_LEN];
char *p;
+ tANI_U32 status;
hddLog( LOG1, "hdd_IndicateScanResult " MAC_ADDRESS_STR,
MAC_ADDR_ARRAY(descriptor->bssId));
@@ -339,12 +340,18 @@ static eHalStatus hdd_IndicateScanResult(hdd_scan_info_t *scanInfo, tCsrScanResu
pDot11IEHTCaps = NULL;
- dot11fUnpackBeaconIEs ((tpAniSirGlobal)
+ status = dot11fUnpackBeaconIEs ((tpAniSirGlobal)
hHal, (tANI_U8 *) descriptor->ieFields, ie_length, &dot11BeaconIEs);
+ if (DOT11F_FAILED(status))
+ {
+ hddLog(LOGE,
+ FL("unpack failed for Beacon IE status:(0x%08x)"),
+ status);
+ return eHAL_STATUS_FAILURE;
+ }
pDot11SSID = &dot11BeaconIEs.SSID;
-
if (pDot11SSID->present ) {
last_event = current_event;
vos_mem_zero (&event, sizeof (struct iw_event));
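Review bot: Returning `eHAL_STATUS_FAILURE` as soon as `dot11fUnpackBeaconIEs` fails makes the outcome of hdd_IndicateScanResult depend on a single over-the-air beacon, and the caller's reaction is not visible in this diff. If the caller stops iterating on the first failure, one malformed beacon from a nearby transmitter would hide every later scan result. Skipping only the bad entry, for example by returning success after the log line, would avoid that. The same input also drives the `LOGE` line, so a lower level such as `LOG1` or a rate limit would keep a stream of bad beacons from flooding the log. The function starts well before this hunk, so check that nothing acquired earlier needs releasing on this new exit.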
diff --git a/CORE/MAC/src/pe/lim/limSmeReqUtils.c b/CORE/MAC/src/pe/lim/limSmeReqUtils.c
index c0c86a5a9b30..43c252b681d0 100644
--- a/CORE/MAC/src/pe/lim/limSmeReqUtils.c
+++ b/CORE/MAC/src/pe/lim/limSmeReqUtils.c
@@ -261,6 +261,7 @@ limSetRSNieWPAiefromSmeStartBSSReqMessage(tpAniSirGlobal pMac,
{
tANI_U8 wpaIndex = 0;
tANI_U32 privacy, val;
+ tANI_U32 status;
if (wlan_cfgGetInt(pMac, WNI_CFG_PRIVACY_ENABLED,
&privacy) != eSIR_SUCCESS)
@@ -331,9 +332,16 @@ limSetRSNieWPAiefromSmeStartBSSReqMessage(tpAniSirGlobal pMac,
limLog(pMac,
LOG1,
FL("Only RSN IE is present"));
- dot11fUnpackIeRSN(pMac,&pRSNie->rsnIEdata[2],
+ status = dot11fUnpackIeRSN(pMac,&pRSNie->rsnIEdata[2],
pRSNie->rsnIEdata[1],
&pSessionEntry->gStartBssRSNIe);
+ if (!DOT11F_SUCCEEDED(status))
+ {
+ limLog(pMac,
+ LOGE,FL("unpack failed for RSN IE (0x%08x)"),
+ status);
+ return false;
+ }
return true;
}
else if ((pRSNie->length == pRSNie->rsnIEdata[1] + 2) &&
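Review bot: This file tests the result with `!DOT11F_SUCCEEDED(status)`, while the HDD hunks in the same commit use `DOT11F_FAILED(status)`. The macro definitions are not shown here, but if `DOT11F_FAILED` matches only hard errors and `DOT11F_SUCCEEDED` requires a zero status, the two layers now disagree on warning-level results such as unknown or skipped elements. In that case the lim code rejects IEs that HDD accepts. Pick one policy and use it in every hunk, including the later ones in this function and in PopulateDot11fAssocResWscIE, and record the choice in a comment such as `/* warnings from the parser are treated as failure here */`.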
@@ -343,9 +351,16 @@ limSetRSNieWPAiefromSmeStartBSSReqMessage(tpAniSirGlobal pMac,
LOG1,
FL("Only WPA IE is present"));
- dot11fUnpackIeWPA(pMac,&pRSNie->rsnIEdata[6],
+ status = dot11fUnpackIeWPA(pMac,&pRSNie->rsnIEdata[6],
pRSNie->rsnIEdata[1] - 4,
&pSessionEntry->gStartBssWPAIe);
+ if (!DOT11F_SUCCEEDED(status))
+ {
+ limLog(pMac,
+ LOGE,FL("unpack failed for WPA IE (0x%08x)"),
+ status);
+ return false;
+ }
return true;
}
@@ -368,13 +383,26 @@ limSetRSNieWPAiefromSmeStartBSSReqMessage(tpAniSirGlobal pMac,
else
{
/* Both RSN and WPA IEs are present */
- dot11fUnpackIeRSN(pMac,&pRSNie->rsnIEdata[2],
+ status = dot11fUnpackIeRSN(pMac,&pRSNie->rsnIEdata[2],
pRSNie->rsnIEdata[1], &pSessionEntry->gStartBssRSNIe);
+ if (!DOT11F_SUCCEEDED(status))
+ {
+ limLog(pMac,
+ LOGE,FL("unpack failed for RSN IE (0x%08x)"),
+ status);
+ return false;
+ }
- dot11fUnpackIeWPA(pMac,&pRSNie->rsnIEdata[wpaIndex + 6],
+ status = dot11fUnpackIeWPA(pMac,&pRSNie->rsnIEdata[wpaIndex + 6],
pRSNie->rsnIEdata[wpaIndex + 1]-4,
&pSessionEntry->gStartBssWPAIe);
-
+ if (!DOT11F_SUCCEEDED(status))
+ {
+ limLog(pMac,
+ LOGE,FL("unpack failed for WPA IE (0x%08x)"),
+ status);
+ return false;
+ }
}
}
else
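Review bot: In the branch where both IEs are present, a WPA unpack failure returns false after `dot11fUnpackIeRSN` has already written `pSessionEntry->gStartBssRSNIe`, and a failed unpack may itself leave its destination partly filled. Whether the caller discards the session on a false return is not visible here; if it does not, stale or half-parsed security parameters remain in the session entry. Clearing the outputs on the error paths would make the failure state unambiguous, for example `vos_mem_zero(&pSessionEntry->gStartBssRSNIe, sizeof(pSessionEntry->gStartBssRSNIe));` before `return false;`, and the same for `gStartBssWPAIe`. The single-IE branches earlier in this function have the same shape.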
diff --git a/CORE/SYS/legacy/src/utils/src/parserApi.c b/CORE/SYS/legacy/src/utils/src/parserApi.c
index 52f86adbced5..b9103e9182f3 100644
--- a/CORE/SYS/legacy/src/utils/src/parserApi.c
+++ b/CORE/SYS/legacy/src/utils/src/parserApi.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2017 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -5843,16 +5843,22 @@ tSirRetStatus PopulateDot11fAssocResWscIE(tpAniSirGlobal pMac,
{
tDot11fIEWscAssocReq parsedWscAssocReq = { 0, };
tANI_U8 *wscIe;
+ tANI_U32 status;
wscIe = limGetWscIEPtr(pMac, pRcvdAssocReq->addIE.addIEdata, pRcvdAssocReq->addIE.length);
if(wscIe != NULL)
{
// retreive WSC IE from given AssocReq
- dot11fUnpackIeWscAssocReq( pMac,
+ status = dot11fUnpackIeWscAssocReq( pMac,
wscIe + 2 + 4, // EID, length, OUI
wscIe[ 1 ] - 4, // length without OUI
&parsedWscAssocReq );
+ if (!DOT11F_SUCCEEDED(status))
+ {
+ limLog(pMac, LOGE, FL("Unpack wsc failed status: (0x%08x)"), status);
+ return eSIR_HAL_INPUT_INVALID;
+ }
pDot11f->present = 1;
// version has to be 0x10
pDot11f->Version.present = 1;