diff options
author | Aleti Nageshwar Reddy <quic_anageshw@quicinc.com> | 2022-01-13 13:14:10 +0530 |
---|---|---|
committer | Hsiu-Chang Chen <hsiuchangchen@google.com> | 2022-01-14 09:59:57 +0800 |
commit | 27539fed98961e1908f9ac573580e153d268f99d (patch) | |
tree | 8a1ae063043ac67d2b18370c3ac388e42d4d27aa | |
parent | 1f38ec57383fdebf9ceec36c05719d5e6ab2ba1f (diff) | |
download | wlan-27539fed98961e1908f9ac573580e153d268f99d.tar.gz |
wifiHal: Fix possible overflow issue
Overflow may happen if request id is greater than max range of u8
type when trying to request driver/firmware version. Fix the issue by
not allowing request Id cross max range of u8 when trying to put with u8 api.
Bug: 213108298
Test: Device can get drirver version and firmware version
CRs-Fixed: 3107212
Change-Id: Ia42d9280d81f7019af025c4d5e7d4cb2e5ed916e
-rw-r--r-- | qcwcn/wifi_hal/common.h | 2 | ||||
-rw-r--r-- | qcwcn/wifi_hal/wifilogger.cpp | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/qcwcn/wifi_hal/common.h b/qcwcn/wifi_hal/common.h index 43b03ce..b0aca97 100644 --- a/qcwcn/wifi_hal/common.h +++ b/qcwcn/wifi_hal/common.h @@ -218,7 +218,9 @@ wifi_error wifi_virtual_interface_delete(wifi_handle handle, const char* ifname) #define max(x, y) ((x) > (y) ? (x) : (y)) #define REQUEST_ID_MAX 1000 +#define REQUEST_ID_U8_MAX 255 #define get_requestid() ((arc4random()%REQUEST_ID_MAX) + 1) +#define get_requestid_u8() ((arc4random()%REQUEST_ID_U8_MAX) + 1) #define WAIT_TIME_FOR_SET_REG_DOMAIN 50000 #ifndef UNUSED diff --git a/qcwcn/wifi_hal/wifilogger.cpp b/qcwcn/wifi_hal/wifilogger.cpp index caf1737..4ecfa95 100644 --- a/qcwcn/wifi_hal/wifilogger.cpp +++ b/qcwcn/wifi_hal/wifilogger.cpp @@ -365,7 +365,7 @@ wifi_error wifi_get_firmware_version(wifi_interface_handle iface, /* No request id from caller, so generate one and pass it on to the driver. * Generate one randomly. */ - requestId = get_requestid(); + requestId = get_requestid_u8(); wifiLoggerCommand = new WifiLoggerCommand( wifiHandle, @@ -426,7 +426,7 @@ wifi_error wifi_get_driver_version(wifi_interface_handle iface, /* No request id from caller, so generate one and pass it on to the driver. * Generate one randomly. */ - requestId = get_requestid(); + requestId = get_requestid_u8(); wifiLoggerCommand = new WifiLoggerCommand( wifiHandle, |