|
|
@@ -3300,6 +3300,7 @@ brcmf_notify_sched_scan_results(struct brcmf_if *ifp,
|
|
|
struct brcmf_pno_scanresults_le *pfn_result;
|
|
|
u32 result_count;
|
|
|
u32 status;
|
|
|
+ u32 datalen;
|
|
|
|
|
|
brcmf_dbg(SCAN, "Enter\n");
|
|
|
|
|
|
@@ -3326,6 +3327,14 @@ brcmf_notify_sched_scan_results(struct brcmf_if *ifp,
|
|
|
brcmf_err("FALSE PNO Event. (pfn_count == 0)\n");
|
|
|
goto out_err;
|
|
|
}
|
|
|
+
|
|
|
+ netinfo_start = brcmf_get_netinfo_array(pfn_result);
|
|
|
+ datalen = e->datalen - ((void *)netinfo_start - (void *)pfn_result);
|
|
|
+ if (datalen < result_count * sizeof(*netinfo)) {
|
|
|
+ brcmf_err("insufficient event data\n");
|
|
|
+ goto out_err;
|
|
|
+ }
|
|
|
+
|
|
|
request = brcmf_alloc_internal_escan_request(wiphy,
|
|
|
result_count);
|
|
|
if (!request) {
|
|
|
@@ -3333,8 +3342,6 @@ brcmf_notify_sched_scan_results(struct brcmf_if *ifp,
|
|
|
goto out_err;
|
|
|
}
|
|
|
|
|
|
- netinfo_start = brcmf_get_netinfo_array(pfn_result);
|
|
|
-
|
|
|
for (i = 0; i < result_count; i++) {
|
|
|
netinfo = &netinfo_start[i];
|
|
|
if (!netinfo) {
|
|
|
@@ -3344,6 +3351,8 @@ brcmf_notify_sched_scan_results(struct brcmf_if *ifp,
|
|
|
goto out_err;
|
|
|
}
|
|
|
|
|
|
+ if (netinfo->SSID_len > IEEE80211_MAX_SSID_LEN)
|
|
|
+ netinfo->SSID_len = IEEE80211_MAX_SSID_LEN;
|
|
|
brcmf_dbg(SCAN, "SSID:%.32s Channel:%d\n",
|
|
|
netinfo->SSID, netinfo->channel);
|
|
|
err = brcmf_internal_escan_add_info(request,
|
Arend Van Spriel