Revert "Keep history after reset to 3b5cc28"
This reverts commit 03fc9793f75df82fc04301f9b8be20f89a3a7589, reversing
changes made to 6bd30d1f13f8a9d9a86088cf7950461ef13dce44.
Signed-off-by: Patrick Tjin <pattjin@google.com>
Change-Id: I60bdde947e185f994de4d87c5375772e9e5c9a81
diff --git a/drivers/net/wireless/bcmdhd/wl_cfg80211.c b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
index f2ba9c8..1701a2e 100644
--- a/drivers/net/wireless/bcmdhd/wl_cfg80211.c
+++ b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
@@ -1174,10 +1174,12 @@
} else if (subelt_id == WPS_ID_DEVICE_NAME) {
char devname[100];
size_t namelen = MIN(subelt_len, sizeof(devname));
- memcpy(devname, subel, namelen);
- devname[namelen-1] = '\0';
- WL_DBG((" attr WPS_ID_DEVICE_NAME: %s (len %u)\n",
- devname, subelt_len));
+ if (namelen) {
+ memcpy(devname, subel, namelen);
+ devname[namelen - 1] = '\0';
+ WL_DBG((" attr WPS_ID_DEVICE_NAME: %s (len %u)\n",
+ devname, subelt_len));
+ }
} else if (subelt_id == WPS_ID_DEVICE_PWD_ID) {
valptr[0] = *subel;
valptr[1] = *(subel + 1);
@@ -2053,7 +2055,7 @@
ptr = (char*)params + offset;
for (i = 0; i < n_ssids; i++) {
memset(&ssid, 0, sizeof(wlc_ssid_t));
- ssid.SSID_len = request->ssids[i].ssid_len;
+ ssid.SSID_len = MIN((int)request->ssids[i].ssid_len, DOT11_MAX_SSID_LEN);
memcpy(ssid.SSID, request->ssids[i].ssid, ssid.SSID_len);
if (!ssid.SSID_len)
WL_SCAN(("%d: Broadcast scan\n", i));
@@ -3225,7 +3227,8 @@
WL_TRACE(("In\n"));
RETURN_EIO_IF_NOT_UP(cfg);
WL_INFORM(("JOIN BSSID:" MACDBG "\n", MAC2STRDBG(params->bssid)));
- if (!params->ssid || params->ssid_len <= 0) {
+ if (!params->ssid || params->ssid_len <= 0 ||
+ params->ssid_len > DOT11_MAX_SSID_LEN) {
WL_ERR(("Invalid parameter\n"));
return -EINVAL;
}
@@ -6515,16 +6518,16 @@
}
if ((info->ssid) && (info->ssid_len > 0) &&
- (info->ssid_len <= 32)) {
+ (info->ssid_len <= DOT11_MAX_SSID_LEN)) {
WL_DBG(("SSID (%s) len:%zd \n", info->ssid, info->ssid_len));
if (dev_role == NL80211_IFTYPE_AP) {
/* Store the hostapd SSID */
- memset(cfg->hostapd_ssid.SSID, 0x00, 32);
+ memset(cfg->hostapd_ssid.SSID, 0x00, DOT11_MAX_SSID_LEN);
memcpy(cfg->hostapd_ssid.SSID, info->ssid, info->ssid_len);
cfg->hostapd_ssid.SSID_len = info->ssid_len;
} else {
/* P2P GO */
- memset(cfg->p2p->ssid.SSID, 0x00, 32);
+ memset(cfg->p2p->ssid.SSID, 0x00, DOT11_MAX_SSID_LEN);
memcpy(cfg->p2p->ssid.SSID, info->ssid, info->ssid_len);
cfg->p2p->ssid.SSID_len = info->ssid_len;
}
@@ -6665,9 +6668,11 @@
memset(&join_params, 0, sizeof(join_params));
/* join parameters starts with ssid */
join_params_size = sizeof(join_params.ssid);
+ join_params.ssid.SSID_len = MIN(cfg->hostapd_ssid.SSID_len,
+ (uint32)DOT11_MAX_SSID_LEN);
memcpy(join_params.ssid.SSID, cfg->hostapd_ssid.SSID,
- cfg->hostapd_ssid.SSID_len);
- join_params.ssid.SSID_len = htod32(cfg->hostapd_ssid.SSID_len);
+ join_params.ssid.SSID_len);
+ join_params.ssid.SSID_len = htod32(join_params.ssid.SSID_len);
/* create softap */
if ((err = wldev_ioctl(dev, WLC_SET_SSID, &join_params,
@@ -7267,14 +7272,16 @@
DOT11_MNG_SSID_ID)) != NULL) {
if (dev_role == NL80211_IFTYPE_AP) {
/* Store the hostapd SSID */
- memset(&cfg->hostapd_ssid.SSID[0], 0x00, 32);
- memcpy(&cfg->hostapd_ssid.SSID[0], ssid_ie->data, ssid_ie->len);
- cfg->hostapd_ssid.SSID_len = ssid_ie->len;
+ memset(&cfg->hostapd_ssid.SSID[0], 0x00, DOT11_MAX_SSID_LEN);
+ cfg->hostapd_ssid.SSID_len = MIN((int)ssid_ie->len, DOT11_MAX_SSID_LEN);
+ memcpy(&cfg->hostapd_ssid.SSID[0], ssid_ie->data,
+ cfg->hostapd_ssid.SSID_len);
} else {
/* P2P GO */
- memset(&cfg->p2p->ssid.SSID[0], 0x00, 32);
- memcpy(cfg->p2p->ssid.SSID, ssid_ie->data, ssid_ie->len);
- cfg->p2p->ssid.SSID_len = ssid_ie->len;
+ memset(&cfg->p2p->ssid.SSID[0], 0x00, DOT11_MAX_SSID_LEN);
+ cfg->p2p->ssid.SSID_len = MIN((int)ssid_ie->len, DOT11_MAX_SSID_LEN);
+ memcpy(cfg->p2p->ssid.SSID, ssid_ie->data,
+ cfg->p2p->ssid.SSID_len);
}
}
@@ -7422,8 +7429,10 @@
ssid = &request->match_sets[i].ssid;
/* No need to include null ssid */
if (ssid->ssid_len) {
- memcpy(ssids_local[ssid_cnt].SSID, ssid->ssid, ssid->ssid_len);
- ssids_local[ssid_cnt].SSID_len = ssid->ssid_len;
+ ssids_local[ssid_cnt].SSID_len = MIN(ssid->ssid_len,
+ (uint32)DOT11_MAX_SSID_LEN);
+ memcpy(ssids_local[ssid_cnt].SSID, ssid->ssid,
+ ssids_local[ssid_cnt].SSID_len);
if (is_ssid_in_list(ssid, hidden_ssid_list, request->n_ssids)) {
ssids_local[ssid_cnt].hidden = TRUE;
WL_PNO((">>> PNO hidden SSID (%s) \n", ssid->ssid));
@@ -11837,8 +11846,8 @@
ssid = (wlc_ssid_t *) data;
memset(profile->ssid.SSID, 0,
sizeof(profile->ssid.SSID));
- memcpy(profile->ssid.SSID, ssid->SSID, ssid->SSID_len);
- profile->ssid.SSID_len = ssid->SSID_len;
+ profile->ssid.SSID_len = MIN(ssid->SSID_len, (uint32)DOT11_MAX_SSID_LEN);
+ memcpy(profile->ssid.SSID, ssid->SSID, profile->ssid.SSID_len);
break;
case WL_PROF_BSSID:
if (data)
@@ -11921,27 +11930,43 @@
static void wl_update_hidden_ap_ie(struct wl_bss_info *bi, u8 *ie_stream, u32 *ie_size, bool roam)
{
u8 *ssidie;
+ int32 ssid_len = MIN((int)bi->SSID_len, DOT11_MAX_SSID_LEN);
+ int32 remaining_ie_buf_len, available_buffer_len;
ssidie = (u8 *)cfg80211_find_ie(WLAN_EID_SSID, ie_stream, *ie_size);
- if (!ssidie)
+ /* ERROR out if
+ * 1. No ssid IE is FOUND or
+ * 2. New ssid length is > what was allocated for existing ssid (as
+ * we do not want to overwrite the rest of the IEs) or
+ * 3. If in case of erroneous buffer input where ssid length doesnt match the space
+ * allocated to it.
+ */
+ if (!ssidie) {
return;
- if (ssidie[1] != bi->SSID_len) {
+ }
+ available_buffer_len = ((int)(*ie_size)) - (ssidie + 2 - ie_stream);
+ remaining_ie_buf_len = available_buffer_len - (int)ssidie[1];
+ if ((ssid_len > ssidie[1]) ||
+ (ssidie[1] > available_buffer_len)) {
+ return;
+ }
+ if (ssidie[1] != ssid_len) {
if (ssidie[1]) {
WL_ERR(("%s: Wrong SSID len: %d != %d\n",
__FUNCTION__, ssidie[1], bi->SSID_len));
}
if (roam) {
WL_ERR(("Changing the SSID Info.\n"));
- memmove(ssidie + bi->SSID_len + 2,
+ memmove(ssidie + ssid_len + 2,
(ssidie + 2) + ssidie[1],
- *ie_size - (ssidie + 2 + ssidie[1] - ie_stream));
- memcpy(ssidie + 2, bi->SSID, bi->SSID_len);
- *ie_size = *ie_size + bi->SSID_len - ssidie[1];
- ssidie[1] = bi->SSID_len;
+ remaining_ie_buf_len);
+ memcpy(ssidie + 2, bi->SSID, ssid_len);
+ *ie_size = *ie_size + ssid_len - ssidie[1];
+ ssidie[1] = ssid_len;
}
return;
}
if (*(ssidie + 2) == '\0')
- memcpy(ssidie + 2, bi->SSID, bi->SSID_len);
+ memcpy(ssidie + 2, bi->SSID, ssid_len);
return;
}
diff --git a/drivers/platform/msm/ipa/rmnet_ipa.c b/drivers/platform/msm/ipa/rmnet_ipa.c
index bedf69a..a149a9e 100644
--- a/drivers/platform/msm/ipa/rmnet_ipa.c
+++ b/drivers/platform/msm/ipa/rmnet_ipa.c
@@ -1242,6 +1242,11 @@
rmnet_mux_val.mux_id);
return rc;
}
+ if (rmnet_index >= MAX_NUM_OF_MUX_CHANNEL) {
+ IPAWANERR("Exceed mux_channel limit(%d)\n",
+ rmnet_index);
+ return -EFAULT;
+ }
IPAWANDBG("ADD_MUX_CHANNEL(%d, name: %s)\n",
extend_ioctl_data.u.rmnet_mux_val.mux_id,
extend_ioctl_data.u.rmnet_mux_val.vchannel_name);
diff --git a/drivers/thermal/msm_thermal-dev.c b/drivers/thermal/msm_thermal-dev.c
index de38d96..33fd598 100644
--- a/drivers/thermal/msm_thermal-dev.c
+++ b/drivers/thermal/msm_thermal-dev.c
@@ -99,6 +99,16 @@
goto validate_exit;
}
break;
+ case MSM_THERMAL_GET_CLUSTER_FREQUENCY_PLAN:
+ if (query->clock_freq.cluster_num >= NR_CPUS) {
+ ret = -EINVAL;
+ goto validate_exit;
+ }
+ case MSM_THERMAL_GET_CLUSTER_VOLTAGE_PLAN:
+ if (query->voltage.cluster_num >= NR_CPUS) {
+ ret = -EINVAL;
+ goto validate_exit;
+ }
default:
break;
}