The helper mac_pton() validates and converts MAC address from string format to
a number. Originally code uses simple code to do that. With mac_pton() the
driver now validates input as well.
MEanwhile hex2bin() converts hexdecimal strings to its binary representation.
As the other helper it validates the input.
Signed-off-by: Andy Shevchenko <andriy.shevche...@linux.intel.com>
---
drivers/staging/rtl8188eu/core/rtw_ieee80211.c | 33 +----
drivers/staging/rtl8188eu/include/wlan_bssdef.h | 4 -
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c | 153 ++++++++++--------------
3 files changed, 66 insertions(+), 124 deletions(-)
diff --git a/drivers/staging/rtl8188eu/core/rtw_ieee80211.c
b/drivers/staging/rtl8188eu/core/rtw_ieee80211.c
index 0552019..c46e5ce 100644
--- a/drivers/staging/rtl8188eu/core/rtw_ieee80211.c
+++ b/drivers/staging/rtl8188eu/core/rtw_ieee80211.c
@@ -1067,41 +1067,18 @@ enum parse_res rtw_ieee802_11_parse_elems(u8 *start,
uint len,
return unknown ? ParseUnknown : ParseOK;
}
-u8 key_char2num(u8 ch)
-{
- if ((ch >= '0') && (ch <= '9'))
- return ch - '0';
- else if ((ch >= 'a') && (ch <= 'f'))
- return ch - 'a' + 10;
- else if ((ch >= 'A') && (ch <= 'F'))
- return ch - 'A' + 10;
- else
- return 0xff;
-}
-
-u8 str_2char2num(u8 hch, u8 lch)
-{
- return (key_char2num(hch) * 10) + key_char2num(lch);
-}
-
-u8 key_2char2num(u8 hch, u8 lch)
-{
- return (key_char2num(hch) << 4) | key_char2num(lch);
-}
-
void rtw_macaddr_cfg(u8 *mac_addr)
{
u8 mac[ETH_ALEN];
+
if (mac_addr == NULL)
return;
- if (rtw_initmac) { /* Users specify the mac address */
- int jj, kk;
-
- for (jj = 0, kk = 0; jj < ETH_ALEN; jj++, kk += 3)
- mac[jj] = key_2char2num(rtw_initmac[kk], rtw_initmac[kk
+ 1]);
+ if (rtw_initmac && mac_pton(rtw_initmac, mac)) {
+ /* Users specify the mac address */
memcpy(mac_addr, mac, ETH_ALEN);
- } else { /* Use the mac address stored in the Efuse */
+ } else {
+ /* Use the mac address stored in the Efuse */
memcpy(mac, mac_addr, ETH_ALEN);
}
diff --git a/drivers/staging/rtl8188eu/include/wlan_bssdef.h
b/drivers/staging/rtl8188eu/include/wlan_bssdef.h
index e70075d..53b1bd8 100644
--- a/drivers/staging/rtl8188eu/include/wlan_bssdef.h
+++ b/drivers/staging/rtl8188eu/include/wlan_bssdef.h
@@ -340,8 +340,4 @@ struct ndis_802_11_cap {
struct ndis_802_11_auth_encrypt AuthenticationEncryptionSupported[1];
};
-u8 key_2char2num(u8 hch, u8 lch);
-u8 key_char2num(u8 ch);
-u8 str_2char2num(u8 hch, u8 lch);
-
#endif /* ifndef WLAN_BSSDEF_H_ */
diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
index 56e24fa..f9b8ad4 100644
--- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
+++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
@@ -106,44 +106,6 @@ static const char * const iw_operation_mode[] = {
"Secondary", "Monitor"
};
-static int hex2num_i(char c)
-{
- if (c >= '0' && c <= '9')
- return c - '0';
- if (c >= 'a' && c <= 'f')
- return c - 'a' + 10;
- if (c >= 'A' && c <= 'F')
- return c - 'A' + 10;
- return -1;
-}
-
-/**
- * hwaddr_aton - Convert ASCII string to MAC address
- * @txt: MAC address as a string (e.g., "00:11:22:33:44:55")
- * @addr: Buffer for the MAC address (ETH_ALEN = 6 bytes)
- * Returns: 0 on success, -1 on failure (e.g., string not a MAC address)
- */
-static int hwaddr_aton_i(const char *txt, u8 *addr)
-{
- int i;
-
- for (i = 0; i < 6; i++) {
- int a, b;
-
- a = hex2num_i(*txt++);
- if (a < 0)
- return -1;
- b = hex2num_i(*txt++);
- if (b < 0)
- return -1;
- *addr++ = (a << 4) | b;
- if (i < 5 && *txt++ != ':')
- return -1;
- }
-
- return 0;
-}
-
void indicate_wx_scan_complete_event(struct adapter *padapter)
{
union iwreq_data wrqu;
@@ -2570,7 +2532,7 @@ static int rtw_get_ap_info(struct net_device *dev,
pnetwork = container_of(plist, struct wlan_network, list);
- if (hwaddr_aton_i(data, bssid)) {
+ if (!mac_pton(data, bssid)) {
DBG_88E("Invalid BSSID '%s'.\n", (u8 *)data);
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
return -EINVAL;
@@ -2752,7 +2714,7 @@ static int rtw_p2p_set_intent(struct net_device *dev,
intent = extra[0] - '0';
break;
case 2:
- intent = str_2char2num(extra[0], extra[1]);
+ intent = hex_to_bin(extra[0]) * 10 + hex_to_bin(extra[1]);
break;
}
if (intent <= 15)
@@ -2777,7 +2739,7 @@ static int rtw_p2p_set_listen_ch(struct net_device *dev,
listen_ch = extra[0] - '0';
break;
case 2:
- listen_ch = str_2char2num(extra[0], extra[1]);
+ listen_ch = hex_to_bin(extra[0]) * 10 + hex_to_bin(extra[1]);
break;
}
@@ -2810,7 +2772,7 @@ static int rtw_p2p_set_op_ch(struct net_device *dev,
op_ch = extra[0] - '0';
break;
case 2:
- op_ch = str_2char2num(extra[0], extra[1]);
+ op_ch = hex_to_bin(extra[0]) * 10 + hex_to_bin(extra[1]);
break;
}
@@ -2854,12 +2816,11 @@ static int rtw_p2p_profilefound(struct net_device *dev,
if (pwdinfo->profileindex >=
P2P_MAX_PERSISTENT_GROUP_NUM) {
ret = -1;
} else {
- int jj, kk;
-
/* Add this profile information into
pwdinfo->profileinfo */
/* Ex: 1XX:XX:XX:XX:XX:XXYYSSID */
- for (jj = 0, kk = 1; jj < ETH_ALEN; jj++, kk +=
3)
-
pwdinfo->profileinfo[pwdinfo->profileindex].peermac[jj] =
key_2char2num(extra[kk], extra[kk + 1]);
+ if (!mac_pton(extra + 1,
+
pwdinfo->profileinfo[pwdinfo->profileindex].peermac))
+ return -EINVAL;
pwdinfo->profileinfo[pwdinfo->profileindex].ssidlen = (extra[18] - '0') * 10 +
(extra[19] - '0');
memcpy(pwdinfo->profileinfo[pwdinfo->profileindex].ssid, &extra[20],
pwdinfo->profileinfo[pwdinfo->profileindex].ssidlen);
@@ -3038,8 +2999,7 @@ static int rtw_p2p_get_wps_configmethod(struct net_device
*dev,
int ret = 0;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
u8 peerMAC[ETH_ALEN] = {0x00};
- int jj, kk;
- u8 peerMACStr[17] = {0x00};
+ u8 peerMACStr[18] = {0x00};
struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
struct list_head *plist, *phead;
struct __queue *queue = &(pmlmepriv->scanned_queue);
@@ -3059,8 +3019,8 @@ static int rtw_p2p_get_wps_configmethod(struct net_device
*dev,
if (copy_from_user(peerMACStr, wrqu->data.pointer + 6, 17))
return -EFAULT;
- for (jj = 0, kk = 0; jj < ETH_ALEN; jj++, kk += 3)
- peerMAC[jj] = key_2char2num(peerMACStr[kk], peerMACStr[kk + 1]);
+ if (!mac_pton(peerMACStr, peerMAC))
+ return -EINVAL;
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
@@ -3109,8 +3069,7 @@ static int rtw_p2p_get_go_device_address(struct
net_device *dev,
int ret = 0;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
u8 peerMAC[ETH_ALEN] = {0x00};
- int jj, kk;
- u8 peerMACStr[17] = {0x00};
+ u8 peerMACStr[18] = {0x00};
struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
struct list_head *plist, *phead;
struct __queue *queue = &(pmlmepriv->scanned_queue);
@@ -3129,8 +3088,8 @@ static int rtw_p2p_get_go_device_address(struct
net_device *dev,
if (copy_from_user(peerMACStr, wrqu->data.pointer + 10, 17))
return -EFAULT;
- for (jj = 0, kk = 0; jj < ETH_ALEN; jj++, kk += 3)
- peerMAC[jj] = key_2char2num(peerMACStr[kk], peerMACStr[kk + 1]);
+ if (!mac_pton(peerMACStr, peerMAC))
+ return -EINVAL;
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
@@ -3193,8 +3152,7 @@ static int rtw_p2p_get_device_type(struct net_device *dev,
int ret = 0;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
u8 peerMAC[ETH_ALEN] = {0x00};
- int jj, kk;
- u8 peerMACStr[17] = {0x00};
+ u8 peerMACStr[18] = {0x00};
struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
struct list_head *plist, *phead;
struct __queue *queue = &(pmlmepriv->scanned_queue);
@@ -3213,8 +3171,8 @@ static int rtw_p2p_get_device_type(struct net_device *dev,
if (copy_from_user(peerMACStr, wrqu->data.pointer + 9, 17))
return -EFAULT;
- for (jj = 0, kk = 0; jj < ETH_ALEN; jj++, kk += 3)
- peerMAC[jj] = key_2char2num(peerMACStr[kk], peerMACStr[kk + 1]);
+ if (!mac_pton(peerMACStr, peerMAC))
+ return -EINVAL;
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
@@ -3272,8 +3230,7 @@ static int rtw_p2p_get_device_name(struct net_device *dev,
int ret = 0;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
u8 peerMAC[ETH_ALEN] = {0x00};
- int jj, kk;
- u8 peerMACStr[17] = {0x00};
+ u8 peerMACStr[18] = {0x00};
struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
struct list_head *plist, *phead;
struct __queue *queue = &(pmlmepriv->scanned_queue);
@@ -3292,8 +3249,8 @@ static int rtw_p2p_get_device_name(struct net_device *dev,
if (copy_from_user(peerMACStr, wrqu->data.pointer + 5, 17))
return -EFAULT;
- for (jj = 0, kk = 0; jj < ETH_ALEN; jj++, kk += 3)
- peerMAC[jj] = key_2char2num(peerMACStr[kk], peerMACStr[kk + 1]);
+ if (!mac_pton(peerMACStr, peerMAC))
+ return -EINVAL;
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
@@ -3341,8 +3298,7 @@ static int rtw_p2p_get_invitation_procedure(struct
net_device *dev,
int ret = 0;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
u8 peerMAC[ETH_ALEN] = {0x00};
- int jj, kk;
- u8 peerMACStr[17] = {0x00};
+ u8 peerMACStr[18] = {0x00};
struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
struct list_head *plist, *phead;
struct __queue *queue = &(pmlmepriv->scanned_queue);
@@ -3363,8 +3319,8 @@ static int rtw_p2p_get_invitation_procedure(struct
net_device *dev,
if (copy_from_user(peerMACStr, wrqu->data.pointer + 8, 17))
return -EFAULT;
- for (jj = 0, kk = 0; jj < ETH_ALEN; jj++, kk += 3)
- peerMAC[jj] = key_2char2num(peerMACStr[kk], peerMACStr[kk + 1]);
+ if (!mac_pton(peerMACStr, peerMAC))
+ return -EINVAL;
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
@@ -3421,7 +3377,6 @@ static int rtw_p2p_connect(struct net_device *dev,
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 peerMAC[ETH_ALEN] = {0x00};
- int jj, kk;
struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
struct list_head *plist, *phead;
struct __queue *queue = &(pmlmepriv->scanned_queue);
@@ -3445,8 +3400,8 @@ static int rtw_p2p_connect(struct net_device *dev,
if (pwdinfo->ui_got_wps_info == P2P_NO_WPSINFO)
return -1;
- for (jj = 0, kk = 0; jj < ETH_ALEN; jj++, kk += 3)
- peerMAC[jj] = key_2char2num(extra[kk], extra[kk + 1]);
+ if (!mac_pton(extra, peerMAC))
+ return -EINVAL;
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
@@ -3502,7 +3457,6 @@ static int rtw_p2p_invite_req(struct net_device *dev,
int ret = 0;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
- int jj, kk;
struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
struct list_head *plist, *phead;
struct __queue *queue = &(pmlmepriv->scanned_queue);
@@ -3540,8 +3494,8 @@ static int rtw_p2p_invite_req(struct net_device *dev,
pinvite_req_info->token = 3;
}
- for (jj = 0, kk = 0; jj < ETH_ALEN; jj++, kk += 3)
- pinvite_req_info->peer_macaddr[jj] = key_2char2num(extra[kk],
extra[kk + 1]);
+ if (!mac_pton(extra, pinvite_req_info->peer_macaddr))
+ return -EINVAL;
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
@@ -3584,8 +3538,8 @@ static int rtw_p2p_invite_req(struct net_device *dev,
if (uintPeerChannel) {
/* Store the GO's bssid */
- for (jj = 0, kk = 18; jj < ETH_ALEN; jj++, kk += 3)
- pinvite_req_info->go_bssid[jj] =
key_2char2num(extra[kk], extra[kk + 1]);
+ if (!mac_pton(extra + 18, pinvite_req_info->go_bssid))
+ return -EINVAL;
/* Store the GO's ssid */
pinvite_req_info->ssidlen = wrqu->data.length - 36;
@@ -3644,7 +3598,6 @@ static int rtw_p2p_prov_disc(struct net_device *dev,
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
u8 peerMAC[ETH_ALEN] = {0x00};
- int jj, kk;
struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
struct list_head *plist, *phead;
struct __queue *queue = &(pmlmepriv->scanned_queue);
@@ -3677,8 +3630,8 @@ static int rtw_p2p_prov_disc(struct net_device *dev,
pwdinfo->tx_prov_disc_info.benable = false;
}
- for (jj = 0, kk = 0; jj < ETH_ALEN; jj++, kk += 3)
- peerMAC[jj] = key_2char2num(extra[kk], extra[kk + 1]);
+ if (!mac_pton(extra, peerMAC))
+ return -EINVAL;
if (!memcmp(&extra[18], "display", 7)) {
pwdinfo->tx_prov_disc_info.wps_config_method_request =
WPS_CM_DISPLYA;
@@ -5942,7 +5895,7 @@ static int rtw_mp_efuse_set(struct net_device *dev,
struct efuse_hal *pEfuseHal;
u8 ips_mode = 0, lps_mode = 0;
- u32 i, jj, kk;
+ u32 i;
u8 *setdata = NULL;
u8 *ShadowMapBT = NULL;
u8 *ShadowMapWiFi = NULL;
@@ -6020,8 +5973,11 @@ static int rtw_mp_efuse_set(struct net_device *dev,
DBG_88E("%s: cnts =%d\n", __func__, cnts);
DBG_88E("%s: map data =%s\n", __func__, tmp[2]);
- for (jj = 0, kk = 0; jj < cnts; jj++, kk += 2)
- setdata[jj] = key_2char2num(tmp[2][kk], tmp[2][kk + 1]);
+ if (hex2bin(setdata, tmp[2], cnts) < 0) {
+ err = -EINVAL;
+ goto exit;
+ }
+
/* Change to check TYPE_EFUSE_MAP_LEN, because 8188E raw 256,
logic map over 256. */
EFUSE_GetEfuseDefinition(padapter, EFUSE_WIFI,
TYPE_EFUSE_MAP_LEN, (void *)&max_available_size);
if ((addr+cnts) > max_available_size) {
@@ -6059,8 +6015,10 @@ static int rtw_mp_efuse_set(struct net_device *dev,
DBG_88E("%s: cnts =%d\n", __func__, cnts);
DBG_88E("%s: raw data =%s\n", __func__, tmp[2]);
- for (jj = 0, kk = 0; jj < cnts; jj++, kk += 2)
- setrawdata[jj] = key_2char2num(tmp[2][kk], tmp[2][kk +
1]);
+ if (hex2bin(setrawdata, tmp[2], cnts) < 0) {
+ err = -EINVAL;
+ goto exit;
+ }
if (rtw_efuse_access(padapter, true, addr, cnts, setrawdata) ==
_FAIL) {
DBG_88E("%s: rtw_efuse_access error!!\n", __func__);
@@ -6095,8 +6053,11 @@ static int rtw_mp_efuse_set(struct net_device *dev,
DBG_88E("%s: cnts =%d\n", __func__, cnts);
DBG_88E("%s: MAC address =%s\n", __func__, tmp[1]);
- for (jj = 0, kk = 0; jj < cnts; jj++, kk += 2)
- setdata[jj] = key_2char2num(tmp[1][kk], tmp[1][kk + 1]);
+ if (hex2bin(setdata, tmp[1], cnts) < 0) {
+ err = -EINVAL;
+ goto exit;
+ }
+
/* Change to check TYPE_EFUSE_MAP_LEN, because 8188E raw 256,
logic map over 256. */
EFUSE_GetEfuseDefinition(padapter, EFUSE_WIFI,
TYPE_EFUSE_MAP_LEN, (void *)&max_available_size);
if ((addr+cnts) > max_available_size) {
@@ -6133,8 +6094,10 @@ static int rtw_mp_efuse_set(struct net_device *dev,
DBG_88E("%s: cnts =%d\n", __func__, cnts);
DBG_88E("%s: VID/PID =%s\n", __func__, tmp[1]);
- for (jj = 0, kk = 0; jj < cnts; jj++, kk += 2)
- setdata[jj] = key_2char2num(tmp[1][kk], tmp[1][kk + 1]);
+ if (hex2bin(setdata, tmp[1], cnts) < 0) {
+ err = -EINVAL;
+ goto exit;
+ }
EFUSE_GetEfuseDefinition(padapter, EFUSE_WIFI,
TYPE_AVAILABLE_EFUSE_BYTES_TOTAL, (void *)&max_available_size);
if ((addr+cnts) > max_available_size) {
@@ -6172,8 +6135,10 @@ static int rtw_mp_efuse_set(struct net_device *dev,
DBG_88E("%s: cnts =%d\n", __func__, cnts);
DBG_88E("%s: BT data =%s\n", __func__, tmp[2]);
- for (jj = 0, kk = 0; jj < cnts; jj++, kk += 2)
- setdata[jj] = key_2char2num(tmp[2][kk], tmp[2][kk + 1]);
+ if (hex2bin(setdata, tmp[2], cnts) < 0) {
+ err = -EINVAL;
+ goto exit;
+ }
EFUSE_GetEfuseDefinition(padapter, EFUSE_BT,
TYPE_AVAILABLE_EFUSE_BYTES_TOTAL, (void *)&max_available_size);
if ((addr+cnts) > max_available_size) {
@@ -6206,8 +6171,10 @@ static int rtw_mp_efuse_set(struct net_device *dev,
DBG_88E("%s: cnts =%d\n", __func__, cnts);
DBG_88E("%s: BT tmp data =%s\n", __func__, tmp[2]);
- for (jj = 0, kk = 0; jj < cnts; jj++, kk += 2)
- pEfuseHal->fakeBTEfuseModifiedMap[addr+jj] =
key_2char2num(tmp[2][kk], tmp[2][kk + 1]);
+ if (hex2bin(pEfuseHal->fakeBTEfuseModifiedMap + addr, tmp[2],
cnts) < 0) {
+ err = -EINVAL;
+ goto exit;
+ }
} else if (strcmp(tmp[0], "wldumpfake") == 0) {
if (rtw_efuse_map_read(padapter, 0, EFUSE_BT_MAX_MAP_LEN,
pEfuseHal->fakeEfuseModifiedMap) == _SUCCESS) {
DBG_88E("%s: BT read all map success\n", __func__);
@@ -6260,8 +6227,10 @@ static int rtw_mp_efuse_set(struct net_device *dev,
DBG_88E("%s: cnts =%d\n", __func__, cnts);
DBG_88E("%s: map tmp data =%s\n", __func__, tmp[2]);
- for (jj = 0, kk = 0; jj < cnts; jj++, kk += 2)
- pEfuseHal->fakeEfuseModifiedMap[addr+jj] =
key_2char2num(tmp[2][kk], tmp[2][kk + 1]);
+ if (hex2bin(pEfuseHal->fakeEfuseModifiedMap + addr, tmp[2],
cnts) < 0) {
+ err = -EINVAL;
+ goto exit;
+ }
}
exit:
--
2.0.0
_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
