net: wireless: rockchip_wlan: realtek wifi: fix device_name and nego_ssid overflow in ioctl p2p interface

References: CNVD-C-2020-269231, CNVD-C-2020-269232

Signed-off-by: Weiguo Hu <hwg@rock-chips.com>
Change-Id: I1e926e5c9673fbc141275a72284569179f630aba

Author: Weiguo Hu

drivers/net/wireless/rockchip_wlan/rtl8188eu/os_dep/linux/ioctl_linux.c

@@ -4455,6 +4455,9 @@ static int rtw_p2p_set_go_nego_ssid(struct net_device *dev,
 	struct iw_point *pdata = &wrqu->data;
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WLAN_SSID_MAXLEN - 1)
+		return -EINVAL;
+
 	RTW_INFO("[%s] ssid = %s, len = %zu\n", __FUNCTION__, extra, strlen(extra));
 	_rtw_memcpy(pwdinfo->nego_ssid, extra, strlen(extra));
 	pwdinfo->nego_ssidlen = strlen(extra);
@@ -4599,6 +4602,8 @@ static int rtw_p2p_setDN(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WPS_MAX_DEVICE_NAME_LEN - 1)
+		return -EINVAL;
 
 	RTW_INFO("[%s] %s %d\n", __FUNCTION__, extra, wrqu->data.length - 1);
 	_rtw_memset(pwdinfo->device_name, 0x00, WPS_MAX_DEVICE_NAME_LEN);

drivers/net/wireless/rockchip_wlan/rtl8188fu/os_dep/linux/ioctl_linux.c

@@ -4895,6 +4895,9 @@ static int rtw_p2p_set_go_nego_ssid(struct net_device *dev,
 	struct iw_point *pdata = &wrqu->data;
 	struct wifidirect_info *pwdinfo= &(padapter->wdinfo);
 
+	if (wrqu->data.length > WLAN_SSID_MAXLEN - 1)
+		return -EINVAL;
+
 	DBG_871X( "[%s] ssid = %s, len = %zu\n", __FUNCTION__, extra, strlen( extra ) );
 	_rtw_memcpy( pwdinfo->nego_ssid, extra, strlen( extra ) );
 	pwdinfo->nego_ssidlen = strlen( extra );
@@ -5060,6 +5063,8 @@ static int rtw_p2p_setDN(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo= &(padapter->wdinfo);
 
+	if (wrqu->data.length > WPS_MAX_DEVICE_NAME_LEN - 1)
+		return -EINVAL;
 
 	DBG_871X( "[%s] %s %d\n", __FUNCTION__, extra, wrqu->data.length -1  );
 	_rtw_memset( pwdinfo->device_name, 0x00, WPS_MAX_DEVICE_NAME_LEN );

drivers/net/wireless/rockchip_wlan/rtl8189es/os_dep/linux/ioctl_linux.c

@@ -4942,6 +4942,9 @@ static int rtw_p2p_set_go_nego_ssid(struct net_device *dev,
 	struct iw_point *pdata = &wrqu->data;
 	struct wifidirect_info *pwdinfo= &(padapter->wdinfo);
 
+	if (wrqu->data.length > WLAN_SSID_MAXLEN - 1)
+		return -EINVAL;
+
 	DBG_871X( "[%s] ssid = %s, len = %zu\n", __FUNCTION__, extra, strlen( extra ) );
 	_rtw_memcpy( pwdinfo->nego_ssid, extra, strlen( extra ) );
 	pwdinfo->nego_ssidlen = strlen( extra );
@@ -5107,6 +5110,8 @@ static int rtw_p2p_setDN(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo= &(padapter->wdinfo);
 
+	if (wrqu->data.length > WPS_MAX_DEVICE_NAME_LEN - 1)
+		return -EINVAL;
 
 	DBG_871X( "[%s] %s %d\n", __FUNCTION__, extra, wrqu->data.length -1  );
 	_rtw_memset( pwdinfo->device_name, 0x00, WPS_MAX_DEVICE_NAME_LEN );

drivers/net/wireless/rockchip_wlan/rtl8189fs/os_dep/linux/ioctl_linux.c

@@ -3946,6 +3946,9 @@ static int rtw_p2p_set_go_nego_ssid(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WLAN_SSID_MAXLEN - 1)
+		return -EINVAL;
+
 	RTW_INFO("[%s] ssid = %s, len = %zu\n", __FUNCTION__, extra, strlen(extra));
 	_rtw_memcpy(pwdinfo->nego_ssid, extra, strlen(extra));
 	pwdinfo->nego_ssidlen = strlen(extra);
@@ -4090,6 +4093,8 @@ static int rtw_p2p_setDN(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WPS_MAX_DEVICE_NAME_LEN - 1)
+		return -EINVAL;
 
 	RTW_INFO("[%s] %s %d\n", __FUNCTION__, extra, wrqu->data.length - 1);
 	_rtw_memset(pwdinfo->device_name, 0x00, WPS_MAX_DEVICE_NAME_LEN);

drivers/net/wireless/rockchip_wlan/rtl8723bs/os_dep/linux/ioctl_linux.c

@@ -4093,6 +4093,9 @@ static int rtw_p2p_set_go_nego_ssid(struct net_device *dev,
 	struct iw_point *pdata = &wrqu->data;
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WLAN_SSID_MAXLEN - 1)
+		return -EINVAL;
+
 	RTW_INFO("[%s] ssid = %s, len = %zu\n", __FUNCTION__, extra, strlen(extra));
 	_rtw_memcpy(pwdinfo->nego_ssid, extra, strlen(extra));
 	pwdinfo->nego_ssidlen = strlen(extra);
@@ -4237,6 +4240,8 @@ static int rtw_p2p_setDN(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WPS_MAX_DEVICE_NAME_LEN - 1)
+		return -EINVAL;
 
 	RTW_INFO("[%s] %s %d\n", __FUNCTION__, extra, wrqu->data.length - 1);
 	_rtw_memset(pwdinfo->device_name, 0x00, WPS_MAX_DEVICE_NAME_LEN);

drivers/net/wireless/rockchip_wlan/rtl8723bu/os_dep/linux/ioctl_linux.c

@@ -4895,6 +4895,9 @@ static int rtw_p2p_set_go_nego_ssid(struct net_device *dev,
 	struct iw_point *pdata = &wrqu->data;
 	struct wifidirect_info *pwdinfo= &(padapter->wdinfo);
 
+	if (wrqu->data.length > WLAN_SSID_MAXLEN - 1)
+		return -EINVAL;
+
 	DBG_871X( "[%s] ssid = %s, len = %zu\n", __FUNCTION__, extra, strlen( extra ) );
 	_rtw_memcpy( pwdinfo->nego_ssid, extra, strlen( extra ) );
 	pwdinfo->nego_ssidlen = strlen( extra );
@@ -5060,6 +5063,8 @@ static int rtw_p2p_setDN(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo= &(padapter->wdinfo);
 
+	if (wrqu->data.length > WPS_MAX_DEVICE_NAME_LEN - 1)
+		return -EINVAL;
 
 	DBG_871X( "[%s] %s %d\n", __FUNCTION__, extra, wrqu->data.length -1  );
 	_rtw_memset( pwdinfo->device_name, 0x00, WPS_MAX_DEVICE_NAME_LEN );

drivers/net/wireless/rockchip_wlan/rtl8723cs/os_dep/linux/ioctl_linux.c

@@ -4455,6 +4455,9 @@ static int rtw_p2p_set_go_nego_ssid(struct net_device *dev,
 	struct iw_point *pdata = &wrqu->data;
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WLAN_SSID_MAXLEN - 1)
+		return -EINVAL;
+
 	RTW_INFO("[%s] ssid = %s, len = %zu\n", __FUNCTION__, extra, strlen(extra));
 	_rtw_memcpy(pwdinfo->nego_ssid, extra, strlen(extra));
 	pwdinfo->nego_ssidlen = strlen(extra);
@@ -4599,6 +4602,8 @@ static int rtw_p2p_setDN(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WPS_MAX_DEVICE_NAME_LEN - 1)
+		return -EINVAL;
 
 	RTW_INFO("[%s] %s %d\n", __FUNCTION__, extra, wrqu->data.length - 1);
 	_rtw_memset(pwdinfo->device_name, 0x00, WPS_MAX_DEVICE_NAME_LEN);

drivers/net/wireless/rockchip_wlan/rtl8723ds/os_dep/linux/ioctl_linux.c

@@ -3952,6 +3952,9 @@ static int rtw_p2p_set_go_nego_ssid(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WLAN_SSID_MAXLEN - 1)
+		return -EINVAL;
+
 	RTW_INFO("[%s] ssid = %s, len = %zu\n", __FUNCTION__, extra, strlen(extra));
 	_rtw_memcpy(pwdinfo->nego_ssid, extra, strlen(extra));
 	pwdinfo->nego_ssidlen = strlen(extra);
@@ -4096,6 +4099,8 @@ static int rtw_p2p_setDN(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WPS_MAX_DEVICE_NAME_LEN - 1)
+		return -EINVAL;
 
 	RTW_INFO("[%s] %s %d\n", __FUNCTION__, extra, wrqu->data.length - 1);
 	_rtw_memset(pwdinfo->device_name, 0x00, WPS_MAX_DEVICE_NAME_LEN);

drivers/net/wireless/rockchip_wlan/rtl8821cs/os_dep/linux/ioctl_linux.c

@@ -3946,6 +3946,9 @@ static int rtw_p2p_set_go_nego_ssid(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WLAN_SSID_MAXLEN - 1)
+		return -EINVAL;
+
 	RTW_INFO("[%s] ssid = %s, len = %zu\n", __FUNCTION__, extra, strlen(extra));
 	_rtw_memcpy(pwdinfo->nego_ssid, extra, strlen(extra));
 	pwdinfo->nego_ssidlen = strlen(extra);
@@ -4090,6 +4093,8 @@ static int rtw_p2p_setDN(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WPS_MAX_DEVICE_NAME_LEN - 1)
+		return -EINVAL;
 
 	RTW_INFO("[%s] %s %d\n", __FUNCTION__, extra, wrqu->data.length - 1);
 	_rtw_memset(pwdinfo->device_name, 0x00, WPS_MAX_DEVICE_NAME_LEN);

drivers/net/wireless/rockchip_wlan/rtl8822be/os_dep/linux/ioctl_linux.c

@@ -4519,6 +4519,9 @@ static int rtw_p2p_set_go_nego_ssid(struct net_device *dev,
 	struct iw_point *pdata = &wrqu->data;
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WLAN_SSID_MAXLEN - 1)
+		return -EINVAL;
+
 	RTW_INFO("[%s] ssid = %s, len = %zu\n", __FUNCTION__, extra, strlen(extra));
 	_rtw_memcpy(pwdinfo->nego_ssid, extra, strlen(extra));
 	pwdinfo->nego_ssidlen = strlen(extra);
@@ -4663,6 +4666,8 @@ static int rtw_p2p_setDN(struct net_device *dev,
 	_adapter *padapter = (_adapter *)rtw_netdev_priv(dev);
 	struct wifidirect_info *pwdinfo = &(padapter->wdinfo);
 
+	if (wrqu->data.length > WPS_MAX_DEVICE_NAME_LEN - 1)
+		return -EINVAL;
 
 	RTW_INFO("[%s] %s %d\n", __FUNCTION__, extra, wrqu->data.length - 1);
 	_rtw_memset(pwdinfo->device_name, 0x00, WPS_MAX_DEVICE_NAME_LEN);