diff --git a/drivers/net/wireless/rockchip_wlan/rtl8188eu/os_dep/linux/ioctl_linux.c b/drivers/net/wireless/rockchip_wlan/rtl8188eu/os_dep/linux/ioctl_linux.c index d3a594599f45..10212ea3e46e 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8188eu/os_dep/linux/ioctl_linux.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8188eu/os_dep/linux/ioctl_linux.c @@ -3967,6 +3967,9 @@ static int rtw_p2p_set_intent(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 intent = pwdinfo->intent; + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; intent = rtw_atoi(extra); @@ -3992,6 +3995,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; listen_ch = rtw_atoi(extra); @@ -4019,6 +4025,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; op_ch = (u8) rtw_atoi(extra); @@ -12668,6 +12677,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq extra = buffer; handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV]; + if (handler == NULL) { + err = -EINVAL; + goto exit; + } + err = handler(dev, NULL, &wdata, extra); /* If we have to get some data */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8188fu/os_dep/linux/ioctl_linux.c b/drivers/net/wireless/rockchip_wlan/rtl8188fu/os_dep/linux/ioctl_linux.c index d3a594599f45..10212ea3e46e 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8188fu/os_dep/linux/ioctl_linux.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8188fu/os_dep/linux/ioctl_linux.c @@ -3967,6 +3967,9 @@ static int rtw_p2p_set_intent(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 intent = pwdinfo->intent; + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; intent = rtw_atoi(extra); @@ -3992,6 +3995,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; listen_ch = rtw_atoi(extra); @@ -4019,6 +4025,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; op_ch = (u8) rtw_atoi(extra); @@ -12668,6 +12677,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq extra = buffer; handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV]; + if (handler == NULL) { + err = -EINVAL; + goto exit; + } + err = handler(dev, NULL, &wdata, extra); /* If we have to get some data */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8189es/os_dep/linux/ioctl_linux.c b/drivers/net/wireless/rockchip_wlan/rtl8189es/os_dep/linux/ioctl_linux.c index e3c53bfc7774..b61a5b61659e 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8189es/os_dep/linux/ioctl_linux.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8189es/os_dep/linux/ioctl_linux.c @@ -4963,6 +4963,9 @@ static int rtw_p2p_set_intent(struct net_device *dev, struct wifidirect_info *pwdinfo= &(padapter->wdinfo); u8 intent = pwdinfo->intent; + if (wrqu->data.length >= 4096) + return -1; + extra[ wrqu->data.length ] = 0x00; intent = rtw_atoi( extra ); @@ -4992,6 +4995,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev, struct wifidirect_info *pwdinfo= &(padapter->wdinfo); u8 listen_ch = pwdinfo->listen_channel; // Listen channel number + if (wrqu->data.length >= 4096) + return -1; + extra[ wrqu->data.length ] = 0x00; listen_ch = rtw_atoi( extra ); @@ -5023,6 +5029,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev, struct wifidirect_info *pwdinfo= &(padapter->wdinfo); u8 op_ch = pwdinfo->operating_channel; // Operating channel number + if (wrqu->data.length >= 4096) + return -1; + extra[ wrqu->data.length ] = 0x00; op_ch = ( u8 ) rtw_atoi( extra ); @@ -13797,6 +13806,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq extra = buffer; handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV]; + if (handler == NULL) { + err = -EINVAL; + goto exit; + } + err = handler(dev, NULL, &wdata, extra); /* If we have to get some data */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8189fs/os_dep/linux/ioctl_linux.c b/drivers/net/wireless/rockchip_wlan/rtl8189fs/os_dep/linux/ioctl_linux.c index d7b4a6f158c8..2ec776fdf5e5 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8189fs/os_dep/linux/ioctl_linux.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8189fs/os_dep/linux/ioctl_linux.c @@ -3967,6 +3967,9 @@ static int rtw_p2p_set_intent(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 intent = pwdinfo->intent; + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; intent = rtw_atoi(extra); @@ -3992,6 +3995,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; listen_ch = rtw_atoi(extra); @@ -4019,6 +4025,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; op_ch = (u8) rtw_atoi(extra); @@ -12724,6 +12733,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq extra = buffer; handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV]; + if (handler == NULL) { + err = -EINVAL; + goto exit; + } + err = handler(dev, NULL, &wdata, extra); /* If we have to get some data */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8723bs/os_dep/linux/ioctl_linux.c b/drivers/net/wireless/rockchip_wlan/rtl8723bs/os_dep/linux/ioctl_linux.c index 8d3b120e5c6a..0834f7b9e576 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8723bs/os_dep/linux/ioctl_linux.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8723bs/os_dep/linux/ioctl_linux.c @@ -4114,6 +4114,9 @@ static int rtw_p2p_set_intent(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 intent = pwdinfo->intent; + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; intent = rtw_atoi(extra); @@ -4139,6 +4142,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; listen_ch = rtw_atoi(extra); @@ -4166,6 +4172,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; op_ch = (u8) rtw_atoi(extra); @@ -12918,6 +12927,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq extra = buffer; handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV]; + if (handler == NULL) { + err = -EINVAL; + goto exit; + } + err = handler(dev, NULL, &wdata, extra); /* If we have to get some data */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8723bu/os_dep/linux/ioctl_linux.c b/drivers/net/wireless/rockchip_wlan/rtl8723bu/os_dep/linux/ioctl_linux.c index 4fa7b4f4e609..fea693a71342 100755 --- a/drivers/net/wireless/rockchip_wlan/rtl8723bu/os_dep/linux/ioctl_linux.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8723bu/os_dep/linux/ioctl_linux.c @@ -4916,6 +4916,9 @@ static int rtw_p2p_set_intent(struct net_device *dev, struct wifidirect_info *pwdinfo= &(padapter->wdinfo); u8 intent = pwdinfo->intent; + if (wrqu->data.length >= 4096) + return -1; + extra[ wrqu->data.length ] = 0x00; intent = rtw_atoi( extra ); @@ -4945,6 +4948,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev, struct wifidirect_info *pwdinfo= &(padapter->wdinfo); u8 listen_ch = pwdinfo->listen_channel; // Listen channel number + if (wrqu->data.length >= 4096) + return -1; + extra[ wrqu->data.length ] = 0x00; listen_ch = rtw_atoi( extra ); @@ -4976,6 +4982,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev, struct wifidirect_info *pwdinfo= &(padapter->wdinfo); u8 op_ch = pwdinfo->operating_channel; // Operating channel number + if(wrqu->data.length >= 4096) + return -1; + extra[ wrqu->data.length ] = 0x00; op_ch = ( u8 ) rtw_atoi( extra ); @@ -13723,6 +13732,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq extra = buffer; handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV]; + if (handler == NULL) { + err = -EINVAL; + goto exit; + } + err = handler(dev, NULL, &wdata, extra); /* If we have to get some data */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8723cs/os_dep/linux/ioctl_linux.c b/drivers/net/wireless/rockchip_wlan/rtl8723cs/os_dep/linux/ioctl_linux.c index 214db575739e..8144ad100a2e 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8723cs/os_dep/linux/ioctl_linux.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8723cs/os_dep/linux/ioctl_linux.c @@ -3953,6 +3953,9 @@ static int rtw_p2p_set_intent(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 intent = pwdinfo->intent; + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; intent = rtw_atoi(extra); @@ -3978,6 +3981,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; listen_ch = rtw_atoi(extra); @@ -4005,6 +4011,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; op_ch = (u8) rtw_atoi(extra); @@ -12877,6 +12886,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq extra = buffer; handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV]; + if (handler == NULL) { + err = -EINVAL; + goto exit; + } + err = handler(dev, NULL, &wdata, extra); /* If we have to get some data */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8723ds/os_dep/linux/ioctl_linux.c b/drivers/net/wireless/rockchip_wlan/rtl8723ds/os_dep/linux/ioctl_linux.c index 0f1ee28f5bf2..6c4853b6f1d7 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8723ds/os_dep/linux/ioctl_linux.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8723ds/os_dep/linux/ioctl_linux.c @@ -3973,6 +3973,9 @@ static int rtw_p2p_set_intent(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 intent = pwdinfo->intent; + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; intent = rtw_atoi(extra); @@ -3998,6 +4001,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; listen_ch = rtw_atoi(extra); @@ -4025,6 +4031,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; op_ch = (u8) rtw_atoi(extra); @@ -12751,6 +12760,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq extra = buffer; handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV]; + if (handler == NULL) { + err = -EINVAL; + goto exit; + } + err = handler(dev, NULL, &wdata, extra); /* If we have to get some data */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8821cs/os_dep/linux/ioctl_linux.c b/drivers/net/wireless/rockchip_wlan/rtl8821cs/os_dep/linux/ioctl_linux.c index 2e07282f64fa..dee2947d1d68 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8821cs/os_dep/linux/ioctl_linux.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8821cs/os_dep/linux/ioctl_linux.c @@ -3954,6 +3954,9 @@ static int rtw_p2p_set_intent(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 intent = pwdinfo->intent; + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; intent = rtw_atoi(extra); @@ -3979,6 +3982,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; listen_ch = rtw_atoi(extra); @@ -4006,6 +4012,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; op_ch = (u8) rtw_atoi(extra); @@ -12878,6 +12887,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq extra = buffer; handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV]; + if (handler == NULL) { + err = -EINVAL; + goto exit; + } + err = handler(dev, NULL, &wdata, extra); /* If we have to get some data */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8822be/os_dep/linux/ioctl_linux.c b/drivers/net/wireless/rockchip_wlan/rtl8822be/os_dep/linux/ioctl_linux.c index dacec2d3524e..fef5d97d4582 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8822be/os_dep/linux/ioctl_linux.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8822be/os_dep/linux/ioctl_linux.c @@ -4540,6 +4540,9 @@ static int rtw_p2p_set_intent(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 intent = pwdinfo->intent; + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; intent = rtw_atoi(extra); @@ -4565,6 +4568,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; listen_ch = rtw_atoi(extra); @@ -4592,6 +4598,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; op_ch = (u8) rtw_atoi(extra); @@ -13056,6 +13065,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq extra = buffer; handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV]; + if (handler == NULL) { + err = -EINVAL; + goto exit; + } + err = handler(dev, NULL, &wdata, extra); /* If we have to get some data */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8822bs/os_dep/linux/ioctl_linux.c b/drivers/net/wireless/rockchip_wlan/rtl8822bs/os_dep/linux/ioctl_linux.c index 1445678d9986..38c4ca7fd91f 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8822bs/os_dep/linux/ioctl_linux.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8822bs/os_dep/linux/ioctl_linux.c @@ -3962,6 +3962,9 @@ static int rtw_p2p_set_intent(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 intent = pwdinfo->intent; + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; intent = rtw_atoi(extra); @@ -3987,6 +3990,9 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 listen_ch = pwdinfo->listen_channel; /* Listen channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; listen_ch = rtw_atoi(extra); @@ -4014,6 +4020,9 @@ static int rtw_p2p_set_op_ch(struct net_device *dev, struct wifidirect_info *pwdinfo = &(padapter->wdinfo); u8 op_ch = pwdinfo->operating_channel; /* Operating channel number */ + if (wrqu->data.length >= 4096) + return -1; + extra[wrqu->data.length] = 0x00; op_ch = (u8) rtw_atoi(extra); @@ -12715,6 +12724,11 @@ static int _rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq extra = buffer; handler = priv[priv_args[k].cmd - SIOCIWFIRSTPRIV]; + if (handler == NULL) { + err = -EINVAL; + goto exit; + } + err = handler(dev, NULL, &wdata, extra); /* If we have to get some data */