diff options
author | Subhani Shaik <subhanis@codeaurora.org> | 2016-04-13 19:15:53 +0530 |
---|---|---|
committer | Etan Cohen <etancohen@google.com> | 2016-05-03 07:39:49 -0700 |
commit | 0eb820e5aa5689413367985d056e8f66d08ca30b (patch) | |
tree | 1b974155af41382eb101c4939951fdf10aa38c01 /qcwcn | |
parent | 06674e86b6bc55c7312e02d1ad54d653cf940d24 (diff) | |
download | wlan-0eb820e5aa5689413367985d056e8f66d08ca30b.tar.gz |
WiFi-HAL: Validate gscan capabilities
driver/firmware can return invalid gscan_capabilities in some
cases and they can cause potential issues in framework.
max_scan_buckets is such gscan capability parameter which is
used by framework to allocate memory for the bucket configuration.
To avoid such issues, return failure to the
API wifi_get_gscan_capabilities() if max_scan_buckets is 0 or
failed to receive capabilities from driver.
Bug: 28530708
Diffstat (limited to 'qcwcn')
-rw-r--r-- | qcwcn/wifi_hal/gscan.cpp | 17 | ||||
-rw-r--r-- | qcwcn/wifi_hal/gscancommand.h | 2 |
2 files changed, 15 insertions, 4 deletions
diff --git a/qcwcn/wifi_hal/gscan.cpp b/qcwcn/wifi_hal/gscan.cpp index cf22b7f..3f36940 100644 --- a/qcwcn/wifi_hal/gscan.cpp +++ b/qcwcn/wifi_hal/gscan.cpp @@ -260,7 +260,11 @@ wifi_error wifi_get_gscan_capabilities(wifi_interface_handle handle, goto cleanup; } - gScanCommand->getGetCapabilitiesRspParams(capabilities); + ret = gScanCommand->getGetCapabilitiesRspParams(capabilities); + if (ret != 0) { + ALOGE("%s: invalid capabilities received:%d",__FUNCTION__, ret); + goto cleanup; + } cleanup: gScanCommand->freeRspParams(eGScanGetCapabilitiesRspParams); @@ -2727,17 +2731,24 @@ wifi_error GScanCommand::copyCachedScanResults( return ret; } -void GScanCommand::getGetCapabilitiesRspParams( +wifi_error GScanCommand::getGetCapabilitiesRspParams( wifi_gscan_capabilities *capabilities) { if (mGetCapabilitiesRspParams && capabilities) { + if (mGetCapabilitiesRspParams->capabilities.max_scan_buckets == 0) { + ALOGE("%s: max_scan_buckets is 0", __FUNCTION__); + return WIFI_ERROR_NOT_AVAILABLE; + } memcpy(capabilities, &mGetCapabilitiesRspParams->capabilities, sizeof(wifi_gscan_capabilities)); } else { - ALOGV("%s: mGetCapabilitiesRspParams is NULL", __FUNCTION__); + ALOGE("%s: mGetCapabilitiesRspParams is NULL", __FUNCTION__); + return WIFI_ERROR_NOT_AVAILABLE; } + + return WIFI_SUCCESS; } void GScanCommand::setMaxChannels(int max_channels) { diff --git a/qcwcn/wifi_hal/gscancommand.h b/qcwcn/wifi_hal/gscancommand.h index b75d744..012d819 100644 --- a/qcwcn/wifi_hal/gscancommand.h +++ b/qcwcn/wifi_hal/gscancommand.h @@ -125,7 +125,7 @@ public: virtual void setNumChannelsPtr(int *num_channels); virtual int allocRspParams(eGScanRspRarams cmd); virtual void freeRspParams(eGScanRspRarams cmd); - virtual void getGetCapabilitiesRspParams( + virtual wifi_error getGetCapabilitiesRspParams( wifi_gscan_capabilities *capabilities); virtual wifi_error copyCachedScanResults(int *numResults, wifi_cached_scan_results *cached_results); |