diff options
| author | android-build-team Robot <android-build-team-robot@google.com> | 2017-05-21 07:13:44 +0000 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2017-05-21 07:13:44 +0000 |
| commit | f135b4a26e7019418dda93451cb9245dd73e2604 (patch) | |
| tree | d1bc0c7b85709bb03751dc5516102b542c155319 | |
| parent | 2320119f500e1c6d56192069b91cb785aff29293 (diff) | |
| parent | b5b84fa6359e5e2a498568436f0965e3ca874061 (diff) | |
| download | platform_hardware_qcom_wlan-oreo-release.tar.gz platform_hardware_qcom_wlan-oreo-release.tar.bz2 platform_hardware_qcom_wlan-oreo-release.zip | |
release-request-c72e46fd-06a9-4104-bad3-f7ba8aeb3e1d-for-git_oc-release-4029917 snap-temp-L38800000066299680android-cts-8.0_r9android-cts-8.0_r8android-cts-8.0_r7android-cts-8.0_r6android-cts-8.0_r5android-cts-8.0_r4android-cts-8.0_r3android-cts-8.0_r24android-cts-8.0_r23android-cts-8.0_r22android-cts-8.0_r21android-cts-8.0_r20android-cts-8.0_r2android-cts-8.0_r19android-cts-8.0_r18android-cts-8.0_r17android-cts-8.0_r16android-cts-8.0_r15android-cts-8.0_r14android-cts-8.0_r13android-cts-8.0_r12android-cts-8.0_r11android-cts-8.0_r10android-cts-8.0_r1android-8.0.0_r9android-8.0.0_r7android-8.0.0_r50android-8.0.0_r49android-8.0.0_r48android-8.0.0_r47android-8.0.0_r46android-8.0.0_r45android-8.0.0_r44android-8.0.0_r43android-8.0.0_r42android-8.0.0_r41android-8.0.0_r40android-8.0.0_r4android-8.0.0_r39android-8.0.0_r38android-8.0.0_r37android-8.0.0_r36android-8.0.0_r35android-8.0.0_r32android-8.0.0_r31android-8.0.0_r30android-8.0.0_r3android-8.0.0_r29android-8.0.0_r28android-8.0.0_r2android-8.0.0_r17android-8.0.0_r16android-8.0.0_r15android-8.0.0_r13android-8.0.0_r12android-8.0.0_r11android-8.0.0_r10android-8.0.0_r1security-oc-releaseoreo-security-releaseoreo-releaseoreo-r6-releaseoreo-r5-releaseoreo-r4-releaseoreo-r3-releaseoreo-r2-releaseoreo-cts-release
Change-Id: Ia2f72c6b129b95b98eeed789961231e792619024
| -rw-r--r-- | qcwcn/wifi_hal/wifilogger_diag.cpp | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/qcwcn/wifi_hal/wifilogger_diag.cpp b/qcwcn/wifi_hal/wifilogger_diag.cpp index 5e9227b..d131102 100644 --- a/qcwcn/wifi_hal/wifilogger_diag.cpp +++ b/qcwcn/wifi_hal/wifilogger_diag.cpp @@ -2251,6 +2251,7 @@ wifi_error diag_message_handler(hal_info *info, nl_msg *msg) } } else if (cmd == ANI_NL_MSG_CNSS_DIAG) { uint16_t diag_fw_type; + struct nlmsghdr *nlh = nlmsg_hdr(msg); if (!info->cldctx) { buf = (uint8_t *)NLMSG_DATA(wnl) + sizeof(wnl->clh.radio); @@ -2268,6 +2269,12 @@ wifi_error diag_message_handler(hal_info *info, nl_msg *msg) wnl->nlh.nlmsg_len); return WIFI_ERROR_UNKNOWN; } + } else { + if (nlh->nlmsg_len <= NLMSG_HDRLEN + sizeof(dbglog_slot)) { + ALOGE("Received CNSS_DIAG message with insufficent length: %d: %s:%d", + nlh->nlmsg_len, __FUNCTION__, __LINE__); + return WIFI_ERROR_UNKNOWN; + } } diag_fw_type = event_hdr->diag_type; if (diag_fw_type == DIAG_TYPE_FW_MSG) { @@ -2275,6 +2282,16 @@ wifi_error diag_message_handler(hal_info *info, nl_msg *msg) u16 length = 0; slot = (dbglog_slot *)buf; + if (nlh->nlmsg_len < (NLMSG_HDRLEN + sizeof(dbglog_slot) + + slot->length)) { + ALOGE("Received CNSS_DIAG message with insufficent length: %d:" + " expected: %zu, %s:%d", + nlh->nlmsg_len, + (NLMSG_HDRLEN + sizeof(dbglog_slot) +slot->length), + __FUNCTION__, + __LINE__); + return WIFI_ERROR_UNKNOWN; + } length = get_le32((u8 *)&slot->length); process_fw_diag_msg(info, &slot->payload[0], length); } |