mirrors/rtl8812au-chinawrj
1
0
Fork 0
mirror of https://github.com/chinawrj/rtl8812au synced 2024-11-08 20:35:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add checks for p->length and remove some goto statements

Browse Source
This commit is contained in:
kimocoder 2020-07-12 00:33:50 +00:00
parent 058ef814b8
commit 4339edf38f
3 changed files with 15 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/rtw_mp.c
View File

@ -2406,7 +2406,7 @@ u32 mp_query_psd(PADAPTER pAdapter, u8 *data)
psd_data = rtw_GetPSDData(pAdapter, i - psd_pts);
else
psd_data = rtw_GetPSDData(pAdapter, i);
sprintf(data, "%s%x ", data, psd_data);
sprintf(data + strlen(data), "%x ", psd_data);
i++;
}

2
dkms.conf
View File

@ -1,5 +1,5 @@
PACKAGE_NAME="realtek-rtl88xxau"
PACKAGE_VERSION="5.6.4.2~20200313"
PACKAGE_VERSION="5.6.4.2~20200712"
CLEAN="'make' clean"
BUILT_MODULE_NAME[0]=88XXau
PROCS_NUM=`nproc`

49
os_dep/linux/ioctl_linux.c
View File

@ -6867,21 +6867,17 @@ static int wpa_supplicant_ioctl(struct net_device *dev, struct iw_point *p)
/* down(&ieee->wx_sem); */
if (p->length < sizeof(struct ieee_param) || !p->pointer) {
ret = -EINVAL;
goto out;
}
if (!p->pointer || p->length != sizeof(struct ieee_param))
return -EINVAL;
param = (struct ieee_param *)rtw_malloc(p->length);
if (param == NULL) {
ret = -ENOMEM;
goto out;
}
if (param == NULL)
return -ENOMEM;
if (copy_from_user(param, p->pointer, p->length)) {
rtw_mfree((u8 *)param, p->length);
ret = -EFAULT;
goto out;
return -EFAULT;
}
switch (param->cmd) {
@ -6915,12 +6911,7 @@ static int wpa_supplicant_ioctl(struct net_device *dev, struct iw_point *p)
rtw_mfree((u8 *)param, p->length);
out:
/* up(&ieee->wx_sem); */
return ret;
}
#ifdef CONFIG_AP_MODE
@ -7727,32 +7718,21 @@ static int rtw_hostapd_ioctl(struct net_device *dev, struct iw_point *p)
* so, we just check hw_init_completed
*/
if (!rtw_is_hw_init_completed(padapter)) {
ret = -EPERM;
goto out;
}
if (!rtw_is_hw_init_completed(padapter))
return -EPERM;
/* if (p->length < sizeof(struct ieee_param) || !p->pointer){ */
if (!p->pointer) {
ret = -EINVAL;
goto out;
}
if (!p->pointer || p->length != sizeof(struct ieee_param))
return -EINVAL;
param = (struct ieee_param *)rtw_malloc(p->length);
if (param == NULL) {
ret = -ENOMEM;
goto out;
}
if (param == NULL)
return -ENOMEM;
if (copy_from_user(param, p->pointer, p->length)) {
rtw_mfree((u8 *)param, p->length);
ret = -EFAULT;
goto out;
return -EFAULT;
}
/* RTW_INFO("%s, cmd=%d\n", __FUNCTION__, param->cmd); */
switch (param->cmd) {
case RTL871X_HOSTAPD_FLUSH:
@ -7845,10 +7825,7 @@ static int rtw_hostapd_ioctl(struct net_device *dev, struct iw_point *p)
rtw_mfree((u8 *)param, p->length);
out:
return ret;
}
#endif