qcwcn: Heap-buffer-overflow in register_monitor_sock() of wifi hal am: 0ed8dbf042
Change-Id: Id4458dba85b590cc2aed4dedf1ccfd3f93f43f29
diff --git a/cld80211-lib/Android.mk b/cld80211-lib/Android.mk
index f2b93f7..76d49fb 100644
--- a/cld80211-lib/Android.mk
+++ b/cld80211-lib/Android.mk
@@ -9,8 +9,7 @@
LOCAL_SHARED_LIBRARIES := libcutils libnl liblog
LOCAL_SRC_FILES := cld80211_lib.c
LOCAL_CFLAGS += -Wall -Werror -Wno-unused-parameter
-LOCAL_COPY_HEADERS_TO := cld80211-lib
-LOCAL_COPY_HEADERS := cld80211_lib.h
+LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)
LOCAL_VENDOR_MODULE := true
include $(BUILD_SHARED_LIBRARY)
diff --git a/qcwcn/wifi_hal/Android.mk b/qcwcn/wifi_hal/Android.mk
index bb31fe7..3d872bb 100644
--- a/qcwcn/wifi_hal/Android.mk
+++ b/qcwcn/wifi_hal/Android.mk
@@ -48,16 +48,14 @@
LOCAL_CFLAGS += -Wall -Werror
# Allow implicit fallthrough in nan_ind.cpp:834 until it is fixed.
-LOCAL_CFLAGS += -Wno-error=implicit-fallthrough
+LOCAL_CFLAGS += -Wno-implicit-fallthrough
LOCAL_C_INCLUDES += \
$(LOCAL_PATH) \
external/libnl/include \
$(call include-path-for, libhardware_legacy)/hardware_legacy \
external/wpa_supplicant_8/src/drivers \
- $(TARGET_OUT_HEADERS)/libwpa_client \
$(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr/include \
- $(TARGET_OUT_HEADERS)/cld80211-lib
LOCAL_SRC_FILES := \
list.cpp \
@@ -114,16 +112,14 @@
LOCAL_CLANG_CFLAGS := -Wno-pointer-bool-conversion
# Allow implicit fallthrough in nan_ind.cpp:834 until it is fixed.
-LOCAL_CFLAGS += -Wno-error=implicit-fallthrough
+LOCAL_CFLAGS += -Wno-implicit-fallthrough
LOCAL_C_INCLUDES += \
$(LOCAL_PATH) \
external/libnl/include \
$(call include-path-for, libhardware_legacy)/hardware_legacy \
external/wpa_supplicant_8/src/drivers \
- $(TARGET_OUT_HEADERS)/libwpa_client \
$(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr/include \
- $(TARGET_OUT_HEADERS)/cld80211-lib
LOCAL_SRC_FILES := \
list.cpp \
diff --git a/qcwcn/wifi_hal/ifaceeventhandler.cpp b/qcwcn/wifi_hal/ifaceeventhandler.cpp
index 8750999..ae7b491 100644
--- a/qcwcn/wifi_hal/ifaceeventhandler.cpp
+++ b/qcwcn/wifi_hal/ifaceeventhandler.cpp
@@ -244,7 +244,7 @@
return -EINVAL;
}
mSet = nla_get_u32(tb_vendor[QCA_WLAN_VENDOR_ATTR_FEATURE_SET]);
- ALOGV("Supported feature set : %x", mSet);
+ ALOGV("Supported feature set : 0x%" PRIx64, mSet);
break;
}
@@ -304,7 +304,7 @@
__func__);
for(i = 0; i < *mSetSizePtr; i++)
{
- ALOGV("%x", *(mConcurrencySet + i));
+ ALOGV("0x%" PRIx64, *(mConcurrencySet + i));
}
}
}
diff --git a/qcwcn/wifi_hal/nan.cpp b/qcwcn/wifi_hal/nan.cpp
index 549b381..ac378fa 100644
--- a/qcwcn/wifi_hal/nan.cpp
+++ b/qcwcn/wifi_hal/nan.cpp
@@ -1260,6 +1260,7 @@
//error case should not happen print log
ALOGE("%s: Wrong NAN subcmd received %d", __FUNCTION__, mSubcmd);
}
+ mNanVendorEvent = NULL;
return NL_SKIP;
}
diff --git a/qcwcn/wifi_hal/nan_rsp.cpp b/qcwcn/wifi_hal/nan_rsp.cpp
index 721ab49..f0b9b1c 100644
--- a/qcwcn/wifi_hal/nan_rsp.cpp
+++ b/qcwcn/wifi_hal/nan_rsp.cpp
@@ -350,7 +350,7 @@
char tlvInfo[NAN_ERROR_STR_LEN];
tlvInfo[0] = '\0';
- if (isNanResponse() || (is_ndp_rsp == true)){
+ if ((is_ndp_rsp == true) || isNanResponse()) {
pRsp = (NanResponseMsg*)pResponse;
for (i = 0; i < (int)(sizeof(errorCodeTranslation)/ sizeof(errorCode)); i++) {
if (errorCodeTranslation[i].firmwareError == firmwareErrorRecvd) {
diff --git a/qcwcn/wifi_hal/wifi_hal.cpp b/qcwcn/wifi_hal/wifi_hal.cpp
index 61f7ee6..4576063 100644
--- a/qcwcn/wifi_hal/wifi_hal.cpp
+++ b/qcwcn/wifi_hal/wifi_hal.cpp
@@ -880,7 +880,7 @@
}
ALOGV("Initialized Wifi HAL Successfully; vendor cmd = %d Supported"
- " features : %x", NL80211_CMD_VENDOR, info->supported_feature_set);
+ " features : 0x%" PRIx64, NL80211_CMD_VENDOR, info->supported_feature_set);
cld80211_cleanup:
if (status != 0 || ret != WIFI_SUCCESS) {
@@ -1838,10 +1838,10 @@
ret = acquire_supported_features(iface, set);
if (ret != WIFI_SUCCESS) {
*set = info->supported_feature_set;
- ALOGV("Supported feature set acquired at initialization : %x", *set);
+ ALOGV("Supported feature set acquired at initialization : 0x%" PRIx64, *set);
} else {
info->supported_feature_set = *set;
- ALOGV("Supported feature set acquired : %x", *set);
+ ALOGV("Supported feature set acquired : 0x%" PRIx64, *set);
}
return WIFI_SUCCESS;
}
diff --git a/qcwcn/wifi_hal/wificonfig.cpp b/qcwcn/wifi_hal/wificonfig.cpp
index a2f0fb3..169e7d4 100644
--- a/qcwcn/wifi_hal/wificonfig.cpp
+++ b/qcwcn/wifi_hal/wificonfig.cpp
@@ -471,7 +471,7 @@
/* Check Supported low-latency capability */
if (!(info->supported_feature_set & WIFI_FEATURE_SET_LATENCY_MODE)) {
- ALOGE("%s: Set latency mode feature not supported %x", __FUNCTION__,
+ ALOGE("%s: Set latency mode feature not supported 0x%" PRIx64, __FUNCTION__,
info->supported_feature_set);
return WIFI_ERROR_NOT_SUPPORTED;
}
