shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-09 04:10:18 +09:00
Code Issues Packages Projects Releases Wiki Activity

net: wireless: rockchip_wlan: realtek wifi: p2p ioctl illegal parameter protect

Browse Source 
References: CNVD-C-2020-309986, CNVD-C-2020-309987, CNVD-C-2020-309988

Signed-off-by: Weiguo Hu <hwg@rock-chips.com>
Change-Id: I611e16f8155bac6431e0d786c29ef1425ff792d2
This commit is contained in:
Weiguo Hu
2021-01-05 20:29:33 +08:00
committed by Tao Huang
parent 6bb31db2cf
commit d9d3e43de1
11 changed files with 154 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
drivers/net/wireless/rockchip_wlan/rtl8188eu/os_dep/linux/ioctl_linux.c
View File

@@ -3967,6 +3967,9 @@ static int rtw_p2p_set_intent(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 intent = pwdinfo->intent;
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
intent = rtw_atoi(extra);
@@ -3992,6 +3995,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
listen_ch = rtw_atoi(extra);
@@ -4019,6 +4025,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
op_ch = (u8) rtw_atoi(extra);
@@ -12668,6 +12677,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq
extra = buffer;
handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV];
if (handler == NULL) {
err = -EINVAL;
goto exit;
}
err = handler(dev, NULL, &wdata, extra);
/* If we have to get some data */

14
drivers/net/wireless/rockchip_wlan/rtl8188fu/os_dep/linux/ioctl_linux.c
View File

@@ -3967,6 +3967,9 @@ static int rtw_p2p_set_intent(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 intent = pwdinfo->intent;
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
intent = rtw_atoi(extra);
@@ -3992,6 +3995,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
listen_ch = rtw_atoi(extra);
@@ -4019,6 +4025,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
op_ch = (u8) rtw_atoi(extra);
@@ -12668,6 +12677,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq
extra = buffer;
handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV];
if (handler == NULL) {
err = -EINVAL;
goto exit;
}
err = handler(dev, NULL, &wdata, extra);
/* If we have to get some data */

14
drivers/net/wireless/rockchip_wlan/rtl8189es/os_dep/linux/ioctl_linux.c
View File

@@ -4963,6 +4963,9 @@ static int rtw_p2p_set_intent(struct net_device *dev,
struct wifidirect_info *pwdinfo= &(padapter->wdinfo);
u8 intent = pwdinfo->intent;
if (wrqu->data.length >= 4096)
return -1;
extra[ wrqu->data.length ] = 0x00;
intent = rtw_atoi( extra );
@@ -4992,6 +4995,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo= &(padapter->wdinfo);
u8 listen_ch = pwdinfo->listen_channel; // Listen channel number
if (wrqu->data.length >= 4096)
return -1;
extra[ wrqu->data.length ] = 0x00;
listen_ch = rtw_atoi( extra );
@@ -5023,6 +5029,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo= &(padapter->wdinfo);
u8 op_ch = pwdinfo->operating_channel; // Operating channel number
if (wrqu->data.length >= 4096)
return -1;
extra[ wrqu->data.length ] = 0x00;
op_ch = ( u8 ) rtw_atoi( extra );
@@ -13797,6 +13806,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq
extra = buffer;
handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV];
if (handler == NULL) {
err = -EINVAL;
goto exit;
}
err = handler(dev, NULL, &wdata, extra);
/* If we have to get some data */

14
drivers/net/wireless/rockchip_wlan/rtl8189fs/os_dep/linux/ioctl_linux.c
View File

@@ -3967,6 +3967,9 @@ static int rtw_p2p_set_intent(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 intent = pwdinfo->intent;
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
intent = rtw_atoi(extra);
@@ -3992,6 +3995,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
listen_ch = rtw_atoi(extra);
@@ -4019,6 +4025,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
op_ch = (u8) rtw_atoi(extra);
@@ -12724,6 +12733,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq
extra = buffer;
handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV];
if (handler == NULL) {
err = -EINVAL;
goto exit;
}
err = handler(dev, NULL, &wdata, extra);
/* If we have to get some data */

14
drivers/net/wireless/rockchip_wlan/rtl8723bs/os_dep/linux/ioctl_linux.c
View File

@@ -4114,6 +4114,9 @@ static int rtw_p2p_set_intent(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 intent = pwdinfo->intent;
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
intent = rtw_atoi(extra);
@@ -4139,6 +4142,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
listen_ch = rtw_atoi(extra);
@@ -4166,6 +4172,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
op_ch = (u8) rtw_atoi(extra);
@@ -12918,6 +12927,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq
extra = buffer;
handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV];
if (handler == NULL) {
err = -EINVAL;
goto exit;
}
err = handler(dev, NULL, &wdata, extra);
/* If we have to get some data */

14
drivers/net/wireless/rockchip_wlan/rtl8723bu/os_dep/linux/ioctl_linux.c
View File

@@ -4916,6 +4916,9 @@ static int rtw_p2p_set_intent(struct net_device *dev,
struct wifidirect_info *pwdinfo= &(padapter->wdinfo);
u8 intent = pwdinfo->intent;
if (wrqu->data.length >= 4096)
return -1;
extra[ wrqu->data.length ] = 0x00;
intent = rtw_atoi( extra );
@@ -4945,6 +4948,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo= &(padapter->wdinfo);
u8 listen_ch = pwdinfo->listen_channel; // Listen channel number
if (wrqu->data.length >= 4096)
return -1;
extra[ wrqu->data.length ] = 0x00;
listen_ch = rtw_atoi( extra );
@@ -4976,6 +4982,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo= &(padapter->wdinfo);
u8 op_ch = pwdinfo->operating_channel; // Operating channel number
if(wrqu->data.length >= 4096)
return -1;
extra[ wrqu->data.length ] = 0x00;
op_ch = ( u8 ) rtw_atoi( extra );
@@ -13723,6 +13732,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq
extra = buffer;
handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV];
if (handler == NULL) {
err = -EINVAL;
goto exit;
}
err = handler(dev, NULL, &wdata, extra);
/* If we have to get some data */

14
drivers/net/wireless/rockchip_wlan/rtl8723cs/os_dep/linux/ioctl_linux.c
View File

@@ -3953,6 +3953,9 @@ static int rtw_p2p_set_intent(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 intent = pwdinfo->intent;
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
intent = rtw_atoi(extra);
@@ -3978,6 +3981,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
listen_ch = rtw_atoi(extra);
@@ -4005,6 +4011,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
op_ch = (u8) rtw_atoi(extra);
@@ -12877,6 +12886,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq
extra = buffer;
handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV];
if (handler == NULL) {
err = -EINVAL;
goto exit;
}
err = handler(dev, NULL, &wdata, extra);
/* If we have to get some data */

14
drivers/net/wireless/rockchip_wlan/rtl8723ds/os_dep/linux/ioctl_linux.c
View File

@@ -3973,6 +3973,9 @@ static int rtw_p2p_set_intent(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 intent = pwdinfo->intent;
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
intent = rtw_atoi(extra);
@@ -3998,6 +4001,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
listen_ch = rtw_atoi(extra);
@@ -4025,6 +4031,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
op_ch = (u8) rtw_atoi(extra);
@@ -12751,6 +12760,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq
extra = buffer;
handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV];
if (handler == NULL) {
err = -EINVAL;
goto exit;
}
err = handler(dev, NULL, &wdata, extra);
/* If we have to get some data */

14
drivers/net/wireless/rockchip_wlan/rtl8821cs/os_dep/linux/ioctl_linux.c
View File

@@ -3954,6 +3954,9 @@ static int rtw_p2p_set_intent(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 intent = pwdinfo->intent;
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
intent = rtw_atoi(extra);
@@ -3979,6 +3982,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
listen_ch = rtw_atoi(extra);
@@ -4006,6 +4012,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
op_ch = (u8) rtw_atoi(extra);
@@ -12878,6 +12887,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq
extra = buffer;
handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV];
if (handler == NULL) {
err = -EINVAL;
goto exit;
}
err = handler(dev, NULL, &wdata, extra);
/* If we have to get some data */

14
drivers/net/wireless/rockchip_wlan/rtl8822be/os_dep/linux/ioctl_linux.c
View File

@@ -4540,6 +4540,9 @@ static int rtw_p2p_set_intent(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 intent = pwdinfo->intent;
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
intent = rtw_atoi(extra);
@@ -4565,6 +4568,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
listen_ch = rtw_atoi(extra);
@@ -4592,6 +4598,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
op_ch = (u8) rtw_atoi(extra);
@@ -13056,6 +13065,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq
extra = buffer;
handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV];
if (handler == NULL) {
err = -EINVAL;
goto exit;
}
err = handler(dev, NULL, &wdata, extra);
/* If we have to get some data */

14
drivers/net/wireless/rockchip_wlan/rtl8822bs/os_dep/linux/ioctl_linux.c
View File

@@ -3962,6 +3962,9 @@ static int rtw_p2p_set_intent(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 intent = pwdinfo->intent;
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
intent = rtw_atoi(extra);
@@ -3987,6 +3990,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
listen_ch = rtw_atoi(extra);
@@ -4014,6 +4020,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev,
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */
if (wrqu->data.length >= 4096)
return -1;
extra[wrqu->data.length] = 0x00;
op_ch = (u8) rtw_atoi(extra);
@@ -12715,6 +12724,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq
extra = buffer;
handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV];
if (handler == NULL) {
err = -EINVAL;
goto exit;
}
err = handler(dev, NULL, &wdata, extra);
/* If we have to get some data */