When user-space does not provide scheduled scan plans, i.e. uses the old scheduled scan API containing NL80211_ATTR_SCHED_SCAN_INTERVAL, the interval value passed by user-space is validated against struct wiphy::max_sched_scan_plan_interval and if it is exceeding it the interval is set to struct wiphy::max_sched_scan_plan_interval. However, when the driver does not set this limit the interval in the request will always be zero. Hence add a check to see whether the driver set struct wiphy::max_sched_scan_plan_interval. For the new API, i.e. for scheduled scan plans, the interval validation has been similarly adjusted to assure the limit is non-zero. Signed-off-by: Arend van Spriel <arend.vanspriel@xxxxxxxxxxxx> --- net/wireless/nl80211.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 24ab199..e621554 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -6777,7 +6777,8 @@ static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info) if (!request->scan_plans[0].interval) return -EINVAL; - if (request->scan_plans[0].interval > + if (wiphy->max_sched_scan_plan_interval && + request->scan_plans[0].interval > wiphy->max_sched_scan_plan_interval) request->scan_plans[0].interval = wiphy->max_sched_scan_plan_interval; @@ -6801,7 +6802,10 @@ static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info) request->scan_plans[i].interval = nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]); - if (!request->scan_plans[i].interval || + if (!request->scan_plans[i].interval) + return -EINVAL; + + if (wiphy->max_sched_scan_plan_interval && request->scan_plans[i].interval > wiphy->max_sched_scan_plan_interval) return -EINVAL; -- 1.9.1
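Review bot: In the first hunk (the clamp on request->scan_plans[0].interval for the old interval attribute), the added `wiphy->max_sched_scan_plan_interval &&` test gives a zero limit the meaning "no maximum", and the patch touches only net/wireless/nl80211.c, so that meaning is not documented anywhere. A driver that leaves the field unset now receives the user-space interval unclamped. Please state in the kernel-doc for struct wiphy::max_sched_scan_plan_interval that 0 means the driver imposes no upper bound, so driver authors know to set it when the hardware has one.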
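Review bot: In the second hunk (the per-plan check on request->scan_plans[i].interval), the zero test is split into its own `return -EINVAL`, which adds a second exit for the same error. A single condition, `!interval || (max_sched_scan_plan_interval && interval > max_sched_scan_plan_interval)`, keeps one return and reads closer to the original. Note also that the value comes straight from nla_get_u32(), so with a zero limit any 32-bit interval now reaches the driver; the commit message should say that this is intended.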