From 18fb30a45bc830e997f5d55132cd912d5bd5c5c7 Mon Sep 17 00:00:00 2001
From: Jeff Johnson
Date: Sun, 6 May 2018 13:49:12 -0700
Subject: qcacld-3.0: Fix NDP Config QoS policy
The qca_wlan_vendor_ndp_policy for the attribute QCA_WLAN_VENDOR_ATTR_NDP_CONFIG_QOS currently specifies type NLA_BINARY with a maximum length of NDP_QOS_INFO_LEN (255). However this attribute is defined to be an unsigned 32 bit value, and nla_get_u32() is used to read the value, so change the policy to use type NLA_U32 so that nla_parse() can properly verify that the TLV payload has (at least) 4 bytes of data.
Change-Id: Iee5b620ef199b731fc6a449d0055db328430921b
CRs-Fixed: 2236890
---
 core/hdd/src/wlan_hdd_nan_datapath.c | 3 +--
 core/hdd/src/wlan_hdd_nan_datapath.h | 1 -
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/core/hdd/src/wlan_hdd_nan_datapath.c b/core/hdd/src/wlan_hdd_nan_datapath.c
index 2bf01f19d61a..ecaa09979ad1 100644
--- a/core/hdd/src/wlan_hdd_nan_datapath.c
+++ b/core/hdd/src/wlan_hdd_nan_datapath.c
@@ -46,8 +46,7 @@ qca_wlan_vendor_ndp_policy[QCA_WLAN_VENDOR_ATTR_NDP_PARAMS_MAX + 1] = {
 .type = NLA_UNSPEC,
 .len = QDF_MAC_ADDR_SIZE },
 [QCA_WLAN_VENDOR_ATTR_NDP_CONFIG_SECURITY] = { .type = NLA_U16 },
- [QCA_WLAN_VENDOR_ATTR_NDP_CONFIG_QOS] = { .type = NLA_BINARY,
- .len = NDP_QOS_INFO_LEN },
+ [QCA_WLAN_VENDOR_ATTR_NDP_CONFIG_QOS] = { .type = NLA_U32 },
 [QCA_WLAN_VENDOR_ATTR_NDP_APP_INFO] = { .type = NLA_BINARY,
 .len = NDP_APP_INFO_LEN },
 [QCA_WLAN_VENDOR_ATTR_NDP_INSTANCE_ID] = { .type = NLA_U32 },
diff --git a/core/hdd/src/wlan_hdd_nan_datapath.h b/core/hdd/src/wlan_hdd_nan_datapath.h
index 2b3c0e098dd3..3e9b85477303 100644
--- a/core/hdd/src/wlan_hdd_nan_datapath.h
+++ b/core/hdd/src/wlan_hdd_nan_datapath.h
@@ -36,7 +36,6 @@ struct wireless_dev;
 #define NAN_SOCIAL_CHANNEL_5GHZ_UPPER_BAND 149
 #define NDP_APP_INFO_LEN 255
-#define NDP_QOS_INFO_LEN 255
 #define NDP_PMK_LEN 32
 #define NDP_SCID_BUF_LEN 256
 #define NDP_NUM_INSTANCE_ID 255
-- 
cgit v1.2.3
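Review bot: The corrected `QCA_WLAN_VENDOR_ATTR_NDP_CONFIG_QOS` entry in the first hunk has no comment tying its policy type to the accessor that reads it, which is the invariant this commit restores. A one-line comment such as `/* u32, read with nla_get_u32(); NLA_U32 lets nla_parse() reject payloads shorter than 4 bytes */` would help keep the two from drifting apart again. The neighbouring `QCA_WLAN_VENDOR_ATTR_NDP_APP_INFO` entry stays `NLA_BINARY` with only a maximum length, so its reader (not visible here) presumably has to take the size from `nla_len()` and tolerate an empty payload. The policy array begins and ends outside this hunk, so the remaining entries are worth checking against their `nla_get_*()` calls in the same way.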