From f666222d91ba9036de650bf09aa6b05378ba8ec2 Mon Sep 17 00:00:00 2001
From: Srinivas Girigowda <sgirigow@codeaurora.org>
Date: Mon, 5 Dec 2016 16:50:02 -0800
Subject: qcacld-2.0: Check for zero length ssid

nla_parse will detect overflow but not underflow,
Add a check for zero length ssid.

Change-Id: I83f350f81f206a7a8c3ed7f1b5872e6cf995ae81
CRs-Fixed: 1059205
---
 CORE/HDD/src/wlan_hdd_cfg80211.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 5fd4af391708..58356e09fcc8 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -3154,8 +3154,13 @@ __wlan_hdd_cfg80211_extscan_set_ssid_hotlist(struct wiphy *wiphy,
 		ssid_length = nla_strlcpy(ssid_string,
 			   tb2[PARAM_SSID],
 			   sizeof(ssid_string));
-		hddLog(LOG1, FL("SSID %s"),
-		       ssid_string);
+
+		/* nla_parse will detect overflow but not underflow */
+		if (0 == ssid_length) {
+			hddLog(LOGE, FL("zero ssid length"));
+			goto fail;
+		}
+		hddLog(LOG1, FL("SSID %s"), ssid_string);
 		ssid_len = strlen(ssid_string);
 		if (ssid_length > SIR_MAC_MAX_SSID_LENGTH) {
 			hddLog(LOGE, FL("Invalid ssid length"));
-- 
cgit v1.2.3