From 06d07f547384954c7cddb4e27402cc03915f62d0 Mon Sep 17 00:00:00 2001
From: chen yi wen <15068825070@163.com>
Date: Mon, 25 Aug 2025 11:31:17 +0000
Subject: [PATCH 1/4] 1
Signed-off-by: chen yi wen <15068825070@163.com>
---
 wlan/client/src/netlink/netlink_cmd_adapter.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/wlan/client/src/netlink/netlink_cmd_adapter.c b/wlan/client/src/netlink/netlink_cmd_adapter.c
index ef7f55237f..5931542a68 100644
--- a/wlan/client/src/netlink/netlink_cmd_adapter.c
+++ b/wlan/client/src/netlink/netlink_cmd_adapter.c
@@ -131,6 +131,8 @@ static inline uint32_t BIT(uint8_t x)
 #define SOL_NETLINK 270
 #define RECV_MAX_COUNT 100
 #define NETLINK_BUFF_LENGTH 262144
+#define MAX_SCAN_FREQS 255
+#define MAX_PNO_NETWORKS 500
 // vendor attr
 enum AndrWifiAttr {
@@ -1651,6 +1653,10 @@ static int32_t CmdScanPutFreqsMsg(struct nl_msg *msg, const WifiScan *scan)
 HILOG_ERROR(LOG_CORE, "%s: nla_nest_start failed", __FUNCTION__);
 return RET_CODE_FAILURE;
 }
+ if (scan->numFreqs > MAX_SCAN_FREQS) {
+ HILOG_ERROR(LOG_CORE, "%s: invalid numFreqs", __FUNCTION__);
+ return RET_CODE_FAILURE;
+ }
 for (i = 0; i < scan->numFreqs; i++) {
 nla_put_u32(msg, i + 1, scan->freqs[i]);
 }
@@ -2840,6 +2846,12 @@ static int32_t ProcessFreqToMsg(struct nl_msg *msg, const WifiPnoSettings *pnoSe
 uint32_t index = 0;
 DListHeadInit(&scanFreqs);
+ size_t networks_size = sizeof(pnoSettings->pnoNetworks);
+ if (pnoSettings->pnoNetworksLen <= networks_size) {
+ HILOG_ERROR(LOG_CORE, "%s: pnoSettings->pnoNetworksLen failed.", __FUNCTION__);
+ ClearFreqsList(&scanFreqs);
+ return RET_CODE_FAILURE;
+ }
 for (uint32_t i = 0; i < pnoSettings->pnoNetworksLen; i++) {
 for (uint32_t j = 0; j < pnoSettings->pnoNetworks[i].freqsLen; j++) {
 if (InsertFreqToList(pnoSettings->pnoNetworks[i].freqs[j], &scanFreqs) != RET_CODE_SUCCESS) {
-- Gitee
From b38fd480d17c0e032bc94974d25b4439eb489643 Mon Sep 17 00:00:00 2001
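Review bot: In CmdScanPutFreqsMsg the new `numFreqs` check runs only after `nla_nest_start` has succeeded, so the failure path returns with a nested attribute opened on `msg` and never closed or cancelled; whether that matters depends on the caller discarding the message, which is not visible here. Validating the length before the nest is opened avoids the question: move `if (scan->numFreqs > MAX_SCAN_FREQS) { ... return RET_CODE_FAILURE; }` above the `nla_nest_start` call, which lies outside the hunk. The same ordering appears in the check added to ProcessMatchSsidToMsg in patch 3/4. The loop that follows also ignores the return value of `nla_put_u32`, so a message that runs out of room is still reported as success.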
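Review bot: The guard added to ProcessFreqToMsg is inverted and measures the wrong quantity: `pnoSettings->pnoNetworksLen <= networks_size` returns failure for small lengths and lets oversized ones through to the loop that indexes `pnoNetworks[i]`. In addition, `sizeof(pnoSettings->pnoNetworks)` is a byte count, or just the size of a pointer if the field is a pointer (its declaration is not in the hunk), not an element count. Patch 3/4 uses `if (pnoSettings->pnoNetworksLen > MAX_PNO_NETWORKS) {` in the sibling functions but does not touch this one; the same condition belongs here and the `networks_size` local can be dropped. The inner loop bound `pnoNetworks[i].freqsLen` remains unchecked, and the function body continues outside the hunk.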
From: chen yi wen <15068825070@163.com>
Date: Mon, 25 Aug 2025 11:55:54 +0000
Subject: [PATCH 2/4] 1
Signed-off-by: chen yi wen <15068825070@163.com>
---
 wlan/BUILD.gn | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/wlan/BUILD.gn b/wlan/BUILD.gn
index 569c6d3b91..582cf15194 100644
--- a/wlan/BUILD.gn
+++ b/wlan/BUILD.gn
@@ -20,3 +20,18 @@ group("wlan_entry") {
 deps += [ "hdi_service:hdi_wlan_service" ]
 }
 }
+
+
+ProcessMatchSsidToMsg
+
+if (pnoSettings->pnoNetworksLen > MAX_PNO_NETWORKS) {
+ HILOG_ERROR(LOG_CORE, "%s: invalid pnoSettings->pnoNetworksLen", __FUNCTION__);
+ return RET_CODE_FAILURE;
+ }
+
+ ProcessSsidToMsg
+
+ if (pnoSettings->pnoNetworksLen > MAX_PNO_NETWORKS) {
+ HILOG_ERROR(LOG_CORE, "%s: invalid pnoSettings->pnoNetworksLen", __FUNCTION__);
+ return RET_CODE_FAILURE;
+ }
\ No newline at end of file
-- Gitee
From 6100ce6f771bd7698c952f178590ad8f7502de10 Mon Sep 17 00:00:00 2001
From: chen yi wen <15068825070@163.com>
Date: Mon, 25 Aug 2025 12:04:39 +0000
Subject: [PATCH 3/4] update wlan/client/src/netlink/netlink_cmd_adapter.c.
Signed-off-by: chen yi wen <15068825070@163.com>
---
 wlan/client/src/netlink/netlink_cmd_adapter.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/wlan/client/src/netlink/netlink_cmd_adapter.c b/wlan/client/src/netlink/netlink_cmd_adapter.c
index 5931542a68..e5952f43a0 100644
--- a/wlan/client/src/netlink/netlink_cmd_adapter.c
+++ b/wlan/client/src/netlink/netlink_cmd_adapter.c
@@ -2662,6 +2662,10 @@ static int32_t ProcessMatchSsidToMsg(struct nl_msg *msg, const WiphyInfo *wiphyI
 HILOG_ERROR(LOG_CORE, "%s: nla_nest_start failed.", __FUNCTION__);
 return RET_CODE_FAILURE;
 }
+ if (pnoSettings->pnoNetworksLen > MAX_PNO_NETWORKS) {
+ HILOG_ERROR(LOG_CORE, "%s: invalid pnoSettings->pnoNetworksLen", __FUNCTION__);
+ return RET_CODE_FAILURE;
+ }
 for (uint32_t i = 0; i < pnoSettings->pnoNetworksLen; i++) {
 if (matchSsidsCount + 1 > wiphyInfo->scanCapabilities.maxMatchSets) {
 break;
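Review bot: The lines added to wlan/BUILD.gn are C statements and two bare function names, not GN; expressions such as `pnoSettings->pnoNetworksLen` and `return RET_CODE_FAILURE;` are not valid in a build file, so the tree very likely fails to generate at this commit. Patch 4/4 removes them again, but it also leaves the closing `}` without the trailing newline the file had before. Dropping 2/4 and 4/4 from the series, or squashing before merge, keeps history bisectable and leaves BUILD.gn untouched.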
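Review bot: `MAX_PNO_NETWORKS` is a fixed cap of 500, and nothing in this hunk ties it to the number of elements actually backing `pnoSettings->pnoNetworks`, so a length of up to 500 paired with a shorter array still passes the check and is indexed by the loop below. The identical check added to ProcessSsidToMsg in the next hunk has the same limitation. If the length and the array arrive from an external caller (not visible here), the comparison should use the real element count; otherwise a comment such as `/* sanity cap only; caller guarantees pnoNetworks holds pnoNetworksLen entries */` should state the contract. The function body continues outside the hunk.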
@@ -2738,6 +2742,10 @@ static int32_t ProcessSsidToMsg(struct nl_msg *msg, const WiphyInfo *wiphyInfo,
 struct DListHead scanSsids = {0};
 DListHeadInit(&scanSsids);
+ if (pnoSettings->pnoNetworksLen > MAX_PNO_NETWORKS) {
+ HILOG_ERROR(LOG_CORE, "%s: invalid pnoSettings->pnoNetworksLen", __FUNCTION__);
+ return RET_CODE_FAILURE;
+ }
 for (uint32_t i = 0; i < pnoSettings->pnoNetworksLen; i++) {
 if (!(pnoSettings->pnoNetworks[i].isHidden)) {
 continue;
-- Gitee
From 1771dcc9f8d6f92768ce7464e142dd32ff05f58b Mon Sep 17 00:00:00 2001
From: chen yi wen <15068825070@163.com>
Date: Mon, 25 Aug 2025 12:05:59 +0000
Subject: [PATCH 4/4] update wlan/BUILD.gn.
Signed-off-by: chen yi wen <15068825070@163.com>
---
 wlan/BUILD.gn | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)
diff --git a/wlan/BUILD.gn b/wlan/BUILD.gn
index 582cf15194..2f54149148 100644
--- a/wlan/BUILD.gn
+++ b/wlan/BUILD.gn
@@ -19,19 +19,4 @@ group("wlan_entry") {
 if (!defined(ohos_lite)) {
 deps += [ "hdi_service:hdi_wlan_service" ]
 }
-}
-
-
-ProcessMatchSsidToMsg
-
-if (pnoSettings->pnoNetworksLen > MAX_PNO_NETWORKS) {
- HILOG_ERROR(LOG_CORE, "%s: invalid pnoSettings->pnoNetworksLen", __FUNCTION__);
- return RET_CODE_FAILURE;
- }
-
- ProcessSsidToMsg
-
- if (pnoSettings->pnoNetworksLen > MAX_PNO_NETWORKS) {
- HILOG_ERROR(LOG_CORE, "%s: invalid pnoSettings->pnoNetworksLen", __FUNCTION__);
- return RET_CODE_FAILURE;
- }
\ No newline at end of file
+}
\ No newline at end of file
-- Gitee