-rw-r--r--net/wireless/nl80211.c1204
-rw-r--r--net/wireless/wext-core.c3
2 files changed, 662 insertions, 545 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index e49da2797022..a4aab1d36285 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -356,20 +356,26 @@ static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
356static int nl80211_msg_put_channel(struct sk_buff *msg, 356static int nl80211_msg_put_channel(struct sk_buff *msg,
357 struct ieee80211_channel *chan) 357 struct ieee80211_channel *chan)
358{ 358{
359 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ, 359 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
360 chan->center_freq); 360 chan->center_freq))
361 goto nla_put_failure;
361 362
362 if (chan->flags & IEEE80211_CHAN_DISABLED) 363 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
363 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED); 364 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
364 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) 365 goto nla_put_failure;
365 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN); 366 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
366 if (chan->flags & IEEE80211_CHAN_NO_IBSS) 367 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN))
367 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS); 368 goto nla_put_failure;
368 if (chan->flags & IEEE80211_CHAN_RADAR) 369 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) &&
369 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR); 370 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS))
371 goto nla_put_failure;
372 if ((chan->flags & IEEE80211_CHAN_RADAR) &&
373 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
374 goto nla_put_failure;
370 375
371 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 376 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
372 DBM_TO_MBM(chan->max_power)); 377 DBM_TO_MBM(chan->max_power)))
378 goto nla_put_failure;
373 379
374 return 0; 380 return 0;
375 381
@@ -621,8 +627,8 @@ static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
621 627
622 i = 0; 628 i = 0;
623 while (ifmodes) { 629 while (ifmodes) {
624 if (ifmodes & 1) 630 if ((ifmodes & 1) && nla_put_flag(msg, i))
625 NLA_PUT_FLAG(msg, i); 631 goto nla_put_failure;
626 ifmodes >>= 1; 632 ifmodes >>= 1;
627 i++; 633 i++;
628 } 634 }
@@ -665,8 +671,9 @@ static int nl80211_put_iface_combinations(struct wiphy *wiphy,
665 nl_limit = nla_nest_start(msg, j + 1); 671 nl_limit = nla_nest_start(msg, j + 1);
666 if (!nl_limit) 672 if (!nl_limit)
667 goto nla_put_failure; 673 goto nla_put_failure;
668 NLA_PUT_U32(msg, NL80211_IFACE_LIMIT_MAX, 674 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
669 c->limits[j].max); 675 c->limits[j].max))
676 goto nla_put_failure;
670 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 677 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
671 c->limits[j].types)) 678 c->limits[j].types))
672 goto nla_put_failure; 679 goto nla_put_failure;
@@ -675,13 +682,14 @@ static int nl80211_put_iface_combinations(struct wiphy *wiphy,
675 682
676 nla_nest_end(msg, nl_limits); 683 nla_nest_end(msg, nl_limits);
677 684
678 if (c->beacon_int_infra_match) 685 if (c->beacon_int_infra_match &&
679 NLA_PUT_FLAG(msg, 686 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
680 NL80211_IFACE_COMB_STA_AP_BI_MATCH); 687 goto nla_put_failure;
681 NLA_PUT_U32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 688 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
682 c->num_different_channels); 689 c->num_different_channels) ||
683 NLA_PUT_U32(msg, NL80211_IFACE_COMB_MAXNUM, 690 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
684 c->max_interfaces); 691 c->max_interfaces))
692 goto nla_put_failure;
685 693
686 nla_nest_end(msg, nl_combi); 694 nla_nest_end(msg, nl_combi);
687 } 695 }
@@ -712,64 +720,74 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
712 if (!hdr) 720 if (!hdr)
713 return -1; 721 return -1;
714 722
715 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx); 723 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
716 NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)); 724 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) ||
717 725 nla_put_u32(msg, NL80211_ATTR_GENERATION,
718 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 726 cfg80211_rdev_list_generation) ||
719 cfg80211_rdev_list_generation); 727 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
720 728 dev->wiphy.retry_short) ||
721 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 729 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
722 dev->wiphy.retry_short); 730 dev->wiphy.retry_long) ||
723 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 731 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
724 dev->wiphy.retry_long); 732 dev->wiphy.frag_threshold) ||
725 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 733 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
726 dev->wiphy.frag_threshold); 734 dev->wiphy.rts_threshold) ||
727 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 735 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
728 dev->wiphy.rts_threshold); 736 dev->wiphy.coverage_class) ||
729 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 737 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
730 dev->wiphy.coverage_class); 738 dev->wiphy.max_scan_ssids) ||
731 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 739 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
732 dev->wiphy.max_scan_ssids); 740 dev->wiphy.max_sched_scan_ssids) ||
733 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 741 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
734 dev->wiphy.max_sched_scan_ssids); 742 dev->wiphy.max_scan_ie_len) ||
735 NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 743 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
736 dev->wiphy.max_scan_ie_len); 744 dev->wiphy.max_sched_scan_ie_len) ||
737 NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 745 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
738 dev->wiphy.max_sched_scan_ie_len); 746 dev->wiphy.max_match_sets))
739 NLA_PUT_U8(msg, NL80211_ATTR_MAX_MATCH_SETS, 747 goto nla_put_failure;
740 dev->wiphy.max_match_sets); 748
741 749 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
742 if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) 750 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
743 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN); 751 goto nla_put_failure;
744 if (dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) 752 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
745 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH); 753 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
746 if (dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) 754 goto nla_put_failure;
747 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_AP_UAPSD); 755 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
748 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) 756 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
749 NLA_PUT_FLAG(msg, NL80211_ATTR_ROAM_SUPPORT); 757 goto nla_put_failure;
750 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) 758 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
751 NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_SUPPORT); 759 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
752 if (dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) 760 goto nla_put_failure;
753 NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP); 761 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
754 762 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
755 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES, 763 goto nla_put_failure;
756 sizeof(u32) * dev->wiphy.n_cipher_suites, 764 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
757 dev->wiphy.cipher_suites); 765 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
758 766 goto nla_put_failure;
759 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 767
760 dev->wiphy.max_num_pmkids); 768 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
761 769 sizeof(u32) * dev->wiphy.n_cipher_suites,
762 if (dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) 770 dev->wiphy.cipher_suites))
763 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE); 771 goto nla_put_failure;
764 772
765 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 773 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
766 dev->wiphy.available_antennas_tx); 774 dev->wiphy.max_num_pmkids))
767 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 775 goto nla_put_failure;
768 dev->wiphy.available_antennas_rx); 776
769 777 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
770 if (dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) 778 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
771 NLA_PUT_U32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 779 goto nla_put_failure;
772 dev->wiphy.probe_resp_offload); 780
781 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
782 dev->wiphy.available_antennas_tx) ||
783 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
784 dev->wiphy.available_antennas_rx))
785 goto nla_put_failure;
786
787 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
788 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
789 dev->wiphy.probe_resp_offload))
790 goto nla_put_failure;
773 791
774 if ((dev->wiphy.available_antennas_tx || 792 if ((dev->wiphy.available_antennas_tx ||
775 dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) { 793 dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
@@ -777,8 +795,11 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
777 int res; 795 int res;
778 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant); 796 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
779 if (!res) { 797 if (!res) {
780 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, tx_ant); 798 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX,
781 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, rx_ant); 799 tx_ant) ||
800 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX,
801 rx_ant))
802 goto nla_put_failure;
782 } 803 }
783 } 804 }
784 805
@@ -799,17 +820,17 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
799 goto nla_put_failure; 820 goto nla_put_failure;
800 821
801 /* add HT info */ 822 /* add HT info */
802 if (dev->wiphy.bands[band]->ht_cap.ht_supported) { 823 if (dev->wiphy.bands[band]->ht_cap.ht_supported &&
803 NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET, 824 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
804 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 825 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
805 &dev->wiphy.bands[band]->ht_cap.mcs); 826 &dev->wiphy.bands[band]->ht_cap.mcs) ||
806 NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA, 827 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
807 dev->wiphy.bands[band]->ht_cap.cap); 828 dev->wiphy.bands[band]->ht_cap.cap) ||
808 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 829 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
809 dev->wiphy.bands[band]->ht_cap.ampdu_factor); 830 dev->wiphy.bands[band]->ht_cap.ampdu_factor) ||
810 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 831 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
811 dev->wiphy.bands[band]->ht_cap.ampdu_density); 832 dev->wiphy.bands[band]->ht_cap.ampdu_density)))
812 } 833 goto nla_put_failure;
813 834
814 /* add frequencies */ 835 /* add frequencies */
815 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 836 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
@@ -842,11 +863,13 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
842 goto nla_put_failure; 863 goto nla_put_failure;
843 864
844 rate = &dev->wiphy.bands[band]->bitrates[i]; 865 rate = &dev->wiphy.bands[band]->bitrates[i];
845 NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE, 866 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
846 rate->bitrate); 867 rate->bitrate))
847 if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) 868 goto nla_put_failure;
848 NLA_PUT_FLAG(msg, 869 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
849 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE); 870 nla_put_flag(msg,
871 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
872 goto nla_put_failure;
850 873
851 nla_nest_end(msg, nl_rate); 874 nla_nest_end(msg, nl_rate);
852 } 875 }
@@ -866,7 +889,8 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
866 do { \ 889 do { \
867 if (dev->ops->op) { \ 890 if (dev->ops->op) { \
868 i++; \ 891 i++; \
869 NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \ 892 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
893 goto nla_put_failure; \
870 } \ 894 } \
871 } while (0) 895 } while (0)
872 896
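Review bot: The local `CMD()` macro body now contains `goto nla_put_failure`, so call sites such as `CMD(set_channel, SET_CHANNEL);` can leave the function without any visible branch. The `#define` line itself is above this hunk, so the suggestion is documentation only: a comment on the macro such as `/* CMD() increments i and jumps to nla_put_failure if the attribute does not fit */`. This matters for later edits, because anything acquired between two `CMD()` lines must be released on the `nla_put_failure` path.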
@@ -894,7 +918,8 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
894 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 918 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
895 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 919 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
896 i++; 920 i++;
897 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS); 921 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
922 goto nla_put_failure;
898 } 923 }
899 CMD(set_channel, SET_CHANNEL); 924 CMD(set_channel, SET_CHANNEL);
900 CMD(set_wds_peer, SET_WDS_PEER); 925 CMD(set_wds_peer, SET_WDS_PEER);
@@ -908,7 +933,8 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
908 CMD(set_noack_map, SET_NOACK_MAP); 933 CMD(set_noack_map, SET_NOACK_MAP);
909 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 934 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
910 i++; 935 i++;
911 NLA_PUT_U32(msg, i, NL80211_CMD_REGISTER_BEACONS); 936 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
937 goto nla_put_failure;
912 } 938 }
913 939
914#ifdef CONFIG_NL80211_TESTMODE 940#ifdef CONFIG_NL80211_TESTMODE
@@ -919,23 +945,27 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
919 945
920 if (dev->ops->connect || dev->ops->auth) { 946 if (dev->ops->connect || dev->ops->auth) {
921 i++; 947 i++;
922 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT); 948 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
949 goto nla_put_failure;
923 } 950 }
924 951
925 if (dev->ops->disconnect || dev->ops->deauth) { 952 if (dev->ops->disconnect || dev->ops->deauth) {
926 i++; 953 i++;
927 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT); 954 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
955 goto nla_put_failure;
928 } 956 }
929 957
930 nla_nest_end(msg, nl_cmds); 958 nla_nest_end(msg, nl_cmds);
931 959
932 if (dev->ops->remain_on_channel && 960 if (dev->ops->remain_on_channel &&
933 dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 961 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
934 NLA_PUT_U32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 962 nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
935 dev->wiphy.max_remain_on_channel_duration); 963 dev->wiphy.max_remain_on_channel_duration))
964 goto nla_put_failure;
936 965
937 if (dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) 966 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
938 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 967 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
968 goto nla_put_failure;
939 969
940 if (mgmt_stypes) { 970 if (mgmt_stypes) {
941 u16 stypes; 971 u16 stypes;
@@ -953,9 +983,10 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
953 i = 0; 983 i = 0;
954 stypes = mgmt_stypes[ift].tx; 984 stypes = mgmt_stypes[ift].tx;
955 while (stypes) { 985 while (stypes) {
956 if (stypes & 1) 986 if ((stypes & 1) &&
957 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, 987 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
958 (i << 4) | IEEE80211_FTYPE_MGMT); 988 (i << 4) | IEEE80211_FTYPE_MGMT))
989 goto nla_put_failure;
959 stypes >>= 1; 990 stypes >>= 1;
960 i++; 991 i++;
961 } 992 }
@@ -975,9 +1006,10 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
975 i = 0; 1006 i = 0;
976 stypes = mgmt_stypes[ift].rx; 1007 stypes = mgmt_stypes[ift].rx;
977 while (stypes) { 1008 while (stypes) {
978 if (stypes & 1) 1009 if ((stypes & 1) &&
979 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, 1010 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
980 (i << 4) | IEEE80211_FTYPE_MGMT); 1011 (i << 4) | IEEE80211_FTYPE_MGMT))
1012 goto nla_put_failure;
981 stypes >>= 1; 1013 stypes >>= 1;
982 i++; 1014 i++;
983 } 1015 }
@@ -994,22 +1026,23 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
994 if (!nl_wowlan) 1026 if (!nl_wowlan)
995 goto nla_put_failure; 1027 goto nla_put_failure;
996 1028
997 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) 1029 if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) &&
998 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY); 1030 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
999 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) 1031 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) &&
1000 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT); 1032 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1001 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) 1033 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1002 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT); 1034 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1003 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) 1035 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1004 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED); 1036 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1005 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) 1037 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1006 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE); 1038 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1007 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) 1039 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1008 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST); 1040 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1009 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) 1041 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1010 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE); 1042 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1011 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) 1043 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1012 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE); 1044 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1045 goto nla_put_failure;
1013 if (dev->wiphy.wowlan.n_patterns) { 1046 if (dev->wiphy.wowlan.n_patterns) {
1014 struct nl80211_wowlan_pattern_support pat = { 1047 struct nl80211_wowlan_pattern_support pat = {
1015 .max_patterns = dev->wiphy.wowlan.n_patterns, 1048 .max_patterns = dev->wiphy.wowlan.n_patterns,
@@ -1018,8 +1051,9 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1018 .max_pattern_len = 1051 .max_pattern_len =
1019 dev->wiphy.wowlan.pattern_max_len, 1052 dev->wiphy.wowlan.pattern_max_len,
1020 }; 1053 };
1021 NLA_PUT(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1054 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1022 sizeof(pat), &pat); 1055 sizeof(pat), &pat))
1056 goto nla_put_failure;
1023 } 1057 }
1024 1058
1025 nla_nest_end(msg, nl_wowlan); 1059 nla_nest_end(msg, nl_wowlan);
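Review bot: `nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, sizeof(pat), &pat)` copies the whole on-stack `pat` object into the netlink message, so any padding inside `struct nl80211_wowlan_pattern_support` would be sent along with the fields. A designated initializer does not guarantee that padding bytes are zeroed. The struct's declaration is not visible in this diff; if it is packed with only fixed-width members, a comment above the put such as `/* pat has no padding, safe to copy out whole */` would record that. Otherwise `memset(&pat, 0, sizeof(pat));` before assigning the fields removes the risk of leaking stack bytes. The initializer begins in the previous hunk.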
@@ -1032,16 +1066,20 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1032 if (nl80211_put_iface_combinations(&dev->wiphy, msg)) 1066 if (nl80211_put_iface_combinations(&dev->wiphy, msg))
1033 goto nla_put_failure; 1067 goto nla_put_failure;
1034 1068
1035 if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) 1069 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1036 NLA_PUT_U32(msg, NL80211_ATTR_DEVICE_AP_SME, 1070 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1037 dev->wiphy.ap_sme_capa); 1071 dev->wiphy.ap_sme_capa))
1072 goto nla_put_failure;
1038 1073
1039 NLA_PUT_U32(msg, NL80211_ATTR_FEATURE_FLAGS, dev->wiphy.features); 1074 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS,
1075 dev->wiphy.features))
1076 goto nla_put_failure;
1040 1077
1041 if (dev->wiphy.ht_capa_mod_mask) 1078 if (dev->wiphy.ht_capa_mod_mask &&
1042 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1079 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1043 sizeof(*dev->wiphy.ht_capa_mod_mask), 1080 sizeof(*dev->wiphy.ht_capa_mod_mask),
1044 dev->wiphy.ht_capa_mod_mask); 1081 dev->wiphy.ht_capa_mod_mask))
1082 goto nla_put_failure;
1045 1083
1046 return genlmsg_end(msg, hdr); 1084 return genlmsg_end(msg, hdr);
1047 1085
@@ -1484,14 +1522,15 @@ static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1484 if (!hdr) 1522 if (!hdr)
1485 return -1; 1523 return -1;
1486 1524
1487 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1525 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
1488 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 1526 nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1489 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name); 1527 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name) ||
1490 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype); 1528 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
1491 1529 dev->ieee80211_ptr->iftype) ||
1492 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 1530 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1493 rdev->devlist_generation ^ 1531 rdev->devlist_generation ^
1494 (cfg80211_rdev_list_generation << 2)); 1532 (cfg80211_rdev_list_generation << 2)))
1533 goto nla_put_failure;
1495 1534
1496 return genlmsg_end(msg, hdr); 1535 return genlmsg_end(msg, hdr);
1497 1536
@@ -1789,35 +1828,34 @@ static void get_key_callback(void *c, struct key_params *params)
1789 struct nlattr *key; 1828 struct nlattr *key;
1790 struct get_key_cookie *cookie = c; 1829 struct get_key_cookie *cookie = c;
1791 1830
1792 if (params->key) 1831 if ((params->key &&
1793 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA, 1832 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
1794 params->key_len, params->key); 1833 params->key_len, params->key)) ||
1795 1834 (params->seq &&
1796 if (params->seq) 1835 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
1797 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ, 1836 params->seq_len, params->seq)) ||
1798 params->seq_len, params->seq); 1837 (params->cipher &&
1799 1838 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1800 if (params->cipher) 1839 params->cipher)))
1801 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 1840 goto nla_put_failure;
1802 params->cipher);
1803 1841
1804 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 1842 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1805 if (!key) 1843 if (!key)
1806 goto nla_put_failure; 1844 goto nla_put_failure;
1807 1845
1808 if (params->key) 1846 if ((params->key &&
1809 NLA_PUT(cookie->msg, NL80211_KEY_DATA, 1847 nla_put(cookie->msg, NL80211_KEY_DATA,
1810 params->key_len, params->key); 1848 params->key_len, params->key)) ||
1811 1849 (params->seq &&
1812 if (params->seq) 1850 nla_put(cookie->msg, NL80211_KEY_SEQ,
1813 NLA_PUT(cookie->msg, NL80211_KEY_SEQ, 1851 params->seq_len, params->seq)) ||
1814 params->seq_len, params->seq); 1852 (params->cipher &&
1815 1853 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
1816 if (params->cipher) 1854 params->cipher)))
1817 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER, 1855 goto nla_put_failure;
1818 params->cipher);
1819 1856
1820 NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx); 1857 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
1858 goto nla_put_failure;
1821 1859
1822 nla_nest_end(cookie->msg, key); 1860 nla_nest_end(cookie->msg, key);
1823 1861
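Review bot: Inside the nest opened by `nla_nest_start(cookie->msg, NL80211_ATTR_KEY)`, the key index is still written with the top-level id `NL80211_ATTR_KEY_IDX`, while its siblings use the nested ids `NL80211_KEY_DATA`, `NL80211_KEY_SEQ` and `NL80211_KEY_CIPHER`. The conversion carries this over unchanged from the old `NLA_PUT_U8` line, so a consumer parsing the nested key by the nested enum would presumably find the index under a different attribute number than intended. If the nested id was meant, the line would read `if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))`. That changes what user space receives, so it belongs in a separate patch rather than in this mechanical conversion. The `nla_put_failure` label and the end of get_key_callback are outside the hunk.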
@@ -1875,10 +1913,12 @@ static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1875 cookie.msg = msg; 1913 cookie.msg = msg;
1876 cookie.idx = key_idx; 1914 cookie.idx = key_idx;
1877 1915
1878 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1916 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
1879 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 1917 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
1880 if (mac_addr) 1918 goto nla_put_failure;
1881 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1919 if (mac_addr &&
1920 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
1921 goto nla_put_failure;
1882 1922
1883 if (pairwise && mac_addr && 1923 if (pairwise && mac_addr &&
1884 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 1924 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
@@ -2368,15 +2408,15 @@ static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2368 2408
2369 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 2409 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
2370 bitrate = cfg80211_calculate_bitrate(info); 2410 bitrate = cfg80211_calculate_bitrate(info);
2371 if (bitrate > 0) 2411 if ((bitrate > 0 &&
2372 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate); 2412 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate)) ||
2373 2413 ((info->flags & RATE_INFO_FLAGS_MCS) &&
2374 if (info->flags & RATE_INFO_FLAGS_MCS) 2414 nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) ||
2375 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, info->mcs); 2415 ((info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) &&
2376 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) 2416 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) ||
2377 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH); 2417 ((info->flags & RATE_INFO_FLAGS_SHORT_GI) &&
2378 if (info->flags & RATE_INFO_FLAGS_SHORT_GI) 2418 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)))
2379 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI); 2419 goto nla_put_failure;
2380 2420
2381 nla_nest_end(msg, rate); 2421 nla_nest_end(msg, rate);
2382 return true; 2422 return true;
@@ -2398,43 +2438,50 @@ static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2398 if (!hdr) 2438 if (!hdr)
2399 return -1; 2439 return -1;
2400 2440
2401 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2441 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2402 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 2442 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
2403 2443 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
2404 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation); 2444 goto nla_put_failure;
2405 2445
2406 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 2446 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2407 if (!sinfoattr) 2447 if (!sinfoattr)
2408 goto nla_put_failure; 2448 goto nla_put_failure;
2409 if (sinfo->filled & STATION_INFO_CONNECTED_TIME) 2449 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
2410 NLA_PUT_U32(msg, NL80211_STA_INFO_CONNECTED_TIME, 2450 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2411 sinfo->connected_time); 2451 sinfo->connected_time))
2412 if (sinfo->filled & STATION_INFO_INACTIVE_TIME) 2452 goto nla_put_failure;
2413 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME, 2453 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
2414 sinfo->inactive_time); 2454 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2415 if (sinfo->filled & STATION_INFO_RX_BYTES) 2455 sinfo->inactive_time))
2416 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES, 2456 goto nla_put_failure;
2417 sinfo->rx_bytes); 2457 if ((sinfo->filled & STATION_INFO_RX_BYTES) &&
2418 if (sinfo->filled & STATION_INFO_TX_BYTES) 2458 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
2419 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES, 2459 sinfo->rx_bytes))
2420 sinfo->tx_bytes); 2460 goto nla_put_failure;
2421 if (sinfo->filled & STATION_INFO_LLID) 2461 if ((sinfo->filled & STATION_INFO_TX_BYTES) &&
2422 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID, 2462 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
2423 sinfo->llid); 2463 sinfo->tx_bytes))
2424 if (sinfo->filled & STATION_INFO_PLID) 2464 goto nla_put_failure;
2425 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID, 2465 if ((sinfo->filled & STATION_INFO_LLID) &&
2426 sinfo->plid); 2466 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
2427 if (sinfo->filled & STATION_INFO_PLINK_STATE) 2467 goto nla_put_failure;
2428 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE, 2468 if ((sinfo->filled & STATION_INFO_PLID) &&
2429 sinfo->plink_state); 2469 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
2470 goto nla_put_failure;
2471 if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
2472 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
2473 sinfo->plink_state))
2474 goto nla_put_failure;
2430 switch (rdev->wiphy.signal_type) { 2475 switch (rdev->wiphy.signal_type) {
2431 case CFG80211_SIGNAL_TYPE_MBM: 2476 case CFG80211_SIGNAL_TYPE_MBM:
2432 if (sinfo->filled & STATION_INFO_SIGNAL) 2477 if ((sinfo->filled & STATION_INFO_SIGNAL) &&
2433 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL, 2478 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
2434 sinfo->signal); 2479 sinfo->signal))
2435 if (sinfo->filled & STATION_INFO_SIGNAL_AVG) 2480 goto nla_put_failure;
2436 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL_AVG, 2481 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
2437 sinfo->signal_avg); 2482 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2483 sinfo->signal_avg))
2484 goto nla_put_failure;
2438 break; 2485 break;
2439 default: 2486 default:
2440 break; 2487 break;
@@ -2449,49 +2496,56 @@ static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2449 NL80211_STA_INFO_RX_BITRATE)) 2496 NL80211_STA_INFO_RX_BITRATE))
2450 goto nla_put_failure; 2497 goto nla_put_failure;
2451 } 2498 }
2452 if (sinfo->filled & STATION_INFO_RX_PACKETS) 2499 if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
2453 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS, 2500 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
2454 sinfo->rx_packets); 2501 sinfo->rx_packets))
2455 if (sinfo->filled & STATION_INFO_TX_PACKETS) 2502 goto nla_put_failure;
2456 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS, 2503 if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
2457 sinfo->tx_packets); 2504 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
2458 if (sinfo->filled & STATION_INFO_TX_RETRIES) 2505 sinfo->tx_packets))
2459 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_RETRIES, 2506 goto nla_put_failure;
2460 sinfo->tx_retries); 2507 if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
2461 if (sinfo->filled & STATION_INFO_TX_FAILED) 2508 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
2462 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_FAILED, 2509 sinfo->tx_retries))
2463 sinfo->tx_failed); 2510 goto nla_put_failure;
2464 if (sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) 2511 if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
2465 NLA_PUT_U32(msg, NL80211_STA_INFO_BEACON_LOSS, 2512 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
2466 sinfo->beacon_loss_count); 2513 sinfo->tx_failed))
2514 goto nla_put_failure;
2515 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
2516 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
2517 sinfo->beacon_loss_count))
2518 goto nla_put_failure;
2467 if (sinfo->filled & STATION_INFO_BSS_PARAM) { 2519 if (sinfo->filled & STATION_INFO_BSS_PARAM) {
2468 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 2520 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
2469 if (!bss_param) 2521 if (!bss_param)
2470 goto nla_put_failure; 2522 goto nla_put_failure;
2471 2523
2472 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) 2524 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
2473 NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_CTS_PROT); 2525 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
2474 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) 2526 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
2475 NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE); 2527 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
2476 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) 2528 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
2477 NLA_PUT_FLAG(msg, 2529 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
2478 NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME); 2530 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
2479 NLA_PUT_U8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 2531 sinfo->bss_param.dtim_period) ||
2480 sinfo->bss_param.dtim_period); 2532 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
2481 NLA_PUT_U16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 2533 sinfo->bss_param.beacon_interval))
2482 sinfo->bss_param.beacon_interval); 2534 goto nla_put_failure;
2483 2535
2484 nla_nest_end(msg, bss_param); 2536 nla_nest_end(msg, bss_param);
2485 } 2537 }
2486 if (sinfo->filled & STATION_INFO_STA_FLAGS) 2538 if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
2487 NLA_PUT(msg, NL80211_STA_INFO_STA_FLAGS, 2539 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
2488 sizeof(struct nl80211_sta_flag_update), 2540 sizeof(struct nl80211_sta_flag_update),
2489 &sinfo->sta_flags); 2541 &sinfo->sta_flags))
2542 goto nla_put_failure;
2490 nla_nest_end(msg, sinfoattr); 2543 nla_nest_end(msg, sinfoattr);
2491 2544
2492 if (sinfo->filled & STATION_INFO_ASSOC_REQ_IES) 2545 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
2493 NLA_PUT(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 2546 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
2494 sinfo->assoc_req_ies); 2547 sinfo->assoc_req_ies))
2548 goto nla_put_failure;
2495 2549
2496 return genlmsg_end(msg, hdr); 2550 return genlmsg_end(msg, hdr);
2497 2551
@@ -2913,36 +2967,37 @@ static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2913 if (!hdr) 2967 if (!hdr)
2914 return -1; 2968 return -1;
2915 2969
2916 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2970 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2917 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 2971 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
2918 NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop); 2972 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
2919 2973 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
2920 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation); 2974 goto nla_put_failure;
2921 2975
2922 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 2976 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2923 if (!pinfoattr) 2977 if (!pinfoattr)
2924 goto nla_put_failure; 2978 goto nla_put_failure;
2925 if (pinfo->filled & MPATH_INFO_FRAME_QLEN) 2979 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
2926 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 2980 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2927 pinfo->frame_qlen); 2981 pinfo->frame_qlen))
2928 if (pinfo->filled & MPATH_INFO_SN) 2982 goto nla_put_failure;
2929 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN, 2983 if (((pinfo->filled & MPATH_INFO_SN) &&
2930 pinfo->sn); 2984 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
2931 if (pinfo->filled & MPATH_INFO_METRIC) 2985 ((pinfo->filled & MPATH_INFO_METRIC) &&
2932 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC, 2986 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
2933 pinfo->metric); 2987 pinfo->metric)) ||
2934 if (pinfo->filled & MPATH_INFO_EXPTIME) 2988 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
2935 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME, 2989 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
2936 pinfo->exptime); 2990 pinfo->exptime)) ||
2937 if (pinfo->filled & MPATH_INFO_FLAGS) 2991 ((pinfo->filled & MPATH_INFO_FLAGS) &&
2938 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS, 2992 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
2939 pinfo->flags); 2993 pinfo->flags)) ||
2940 if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) 2994 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
2941 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 2995 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2942 pinfo->discovery_timeout); 2996 pinfo->discovery_timeout)) ||
2943 if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) 2997 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
2944 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 2998 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2945 pinfo->discovery_retries); 2999 pinfo->discovery_retries)))
3000 goto nla_put_failure;
2946 3001
2947 nla_nest_end(msg, pinfoattr); 3002 nla_nest_end(msg, pinfoattr);
2948 3003
@@ -3268,47 +3323,48 @@ static int nl80211_get_mesh_config(struct sk_buff *skb,
3268 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 3323 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
3269 if (!pinfoattr) 3324 if (!pinfoattr)
3270 goto nla_put_failure; 3325 goto nla_put_failure;
3271 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 3326 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3272 NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 3327 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
3273 cur_params.dot11MeshRetryTimeout); 3328 cur_params.dot11MeshRetryTimeout) ||
3274 NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 3329 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
3275 cur_params.dot11MeshConfirmTimeout); 3330 cur_params.dot11MeshConfirmTimeout) ||
3276 NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 3331 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
3277 cur_params.dot11MeshHoldingTimeout); 3332 cur_params.dot11MeshHoldingTimeout) ||
3278 NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 3333 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
3279 cur_params.dot11MeshMaxPeerLinks); 3334 cur_params.dot11MeshMaxPeerLinks) ||
3280 NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES, 3335 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
3281 cur_params.dot11MeshMaxRetries); 3336 cur_params.dot11MeshMaxRetries) ||
3282 NLA_PUT_U8(msg, NL80211_MESHCONF_TTL, 3337 nla_put_u8(msg, NL80211_MESHCONF_TTL,
3283 cur_params.dot11MeshTTL); 3338 cur_params.dot11MeshTTL) ||
3284 NLA_PUT_U8(msg, NL80211_MESHCONF_ELEMENT_TTL, 3339 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
3285 cur_params.element_ttl); 3340 cur_params.element_ttl) ||
3286 NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 3341 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
3287 cur_params.auto_open_plinks); 3342 cur_params.auto_open_plinks) ||
3288 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3343 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3289 cur_params.dot11MeshHWMPmaxPREQretries); 3344 cur_params.dot11MeshHWMPmaxPREQretries) ||
3290 NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 3345 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
3291 cur_params.path_refresh_time); 3346 cur_params.path_refresh_time) ||
3292 NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3347 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3293 cur_params.min_discovery_timeout); 3348 cur_params.min_discovery_timeout) ||
3294 NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3349 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3295 cur_params.dot11MeshHWMPactivePathTimeout); 3350 cur_params.dot11MeshHWMPactivePathTimeout) ||
3296 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3351 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3297 cur_params.dot11MeshHWMPpreqMinInterval); 3352 cur_params.dot11MeshHWMPpreqMinInterval) ||
3298 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3353 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3299 cur_params.dot11MeshHWMPperrMinInterval); 3354 cur_params.dot11MeshHWMPperrMinInterval) ||
3300 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3355 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3301 cur_params.dot11MeshHWMPnetDiameterTraversalTime); 3356 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
3302 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 3357 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
3303 cur_params.dot11MeshHWMPRootMode); 3358 cur_params.dot11MeshHWMPRootMode) ||
3304 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3359 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3305 cur_params.dot11MeshHWMPRannInterval); 3360 cur_params.dot11MeshHWMPRannInterval) ||
3306 NLA_PUT_U8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3361 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3307 cur_params.dot11MeshGateAnnouncementProtocol); 3362 cur_params.dot11MeshGateAnnouncementProtocol) ||
3308 NLA_PUT_U8(msg, NL80211_MESHCONF_FORWARDING, 3363 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
3309 cur_params.dot11MeshForwarding); 3364 cur_params.dot11MeshForwarding) ||
3310 NLA_PUT_U32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 3365 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
3311 cur_params.rssi_threshold); 3366 cur_params.rssi_threshold))
3367 goto nla_put_failure;
3312 nla_nest_end(msg, pinfoattr); 3368 nla_nest_end(msg, pinfoattr);
3313 genlmsg_end(msg, hdr); 3369 genlmsg_end(msg, hdr);
3314 return genlmsg_reply(msg, info); 3370 return genlmsg_reply(msg, info);
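Review bot: NL80211_ATTR_IFINDEX is written after `nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG)`, so it lands inside the mesh-config nest, where attribute numbers are read as NL80211_MESHCONF_* ids rather than top-level attributes. The rewrite keeps that order by making it the first term of the `||` chain at new line 3326. If its number coincides with one of the MESHCONF ids, a parser sees that id twice and the value it keeps depends on attribute order. I would emit it before the nest is opened, `if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) goto nla_put_failure;` ahead of the `nla_nest_start()` call, and drop it from the chain. The function starts outside this hunk.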
@@ -3539,11 +3595,12 @@ static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3539 if (!hdr) 3595 if (!hdr)
3540 goto put_failure; 3596 goto put_failure;
3541 3597
3542 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, 3598 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
3543 cfg80211_regdomain->alpha2); 3599 cfg80211_regdomain->alpha2) ||
3544 if (cfg80211_regdomain->dfs_region) 3600 (cfg80211_regdomain->dfs_region &&
3545 NLA_PUT_U8(msg, NL80211_ATTR_DFS_REGION, 3601 nla_put_u8(msg, NL80211_ATTR_DFS_REGION,
3546 cfg80211_regdomain->dfs_region); 3602 cfg80211_regdomain->dfs_region)))
3603 goto nla_put_failure;
3547 3604
3548 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 3605 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
3549 if (!nl_reg_rules) 3606 if (!nl_reg_rules)
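Review bot: `nla_put_string()` at new line 3598 derives the attribute length from `strlen()`, so it relies on `cfg80211_regdomain->alpha2` being NUL-terminated. The declaration of `alpha2` is not part of this diff. If it is a fixed two-character field with no terminator, the copy would run into whatever follows it in the structure and send those bytes to userspace. The same call on `request->alpha2` appears in the nl80211_send_reg_change_event hunk at new line 7203. I would confirm the field size and state the requirement at the call, e.g. `/* alpha2 must be NUL-terminated: nla_put_string() uses strlen() */`.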
@@ -3563,18 +3620,19 @@ static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3563 if (!nl_reg_rule) 3620 if (!nl_reg_rule)
3564 goto nla_put_failure; 3621 goto nla_put_failure;
3565 3622
3566 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS, 3623 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
3567 reg_rule->flags); 3624 reg_rule->flags) ||
3568 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START, 3625 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
3569 freq_range->start_freq_khz); 3626 freq_range->start_freq_khz) ||
3570 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END, 3627 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
3571 freq_range->end_freq_khz); 3628 freq_range->end_freq_khz) ||
3572 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 3629 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
3573 freq_range->max_bandwidth_khz); 3630 freq_range->max_bandwidth_khz) ||
3574 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 3631 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
3575 power_rule->max_antenna_gain); 3632 power_rule->max_antenna_gain) ||
3576 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 3633 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
3577 power_rule->max_eirp); 3634 power_rule->max_eirp))
3635 goto nla_put_failure;
3578 3636
3579 nla_nest_end(msg, nl_reg_rule); 3637 nla_nest_end(msg, nl_reg_rule);
3580 } 3638 }
@@ -4145,37 +4203,44 @@ static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
4145 4203
4146 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 4204 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
4147 4205
4148 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation); 4206 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) ||
4149 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex); 4207 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
4208 goto nla_put_failure;
4150 4209
4151 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 4210 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
4152 if (!bss) 4211 if (!bss)
4153 goto nla_put_failure; 4212 goto nla_put_failure;
4154 if (!is_zero_ether_addr(res->bssid)) 4213 if ((!is_zero_ether_addr(res->bssid) &&
4155 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid); 4214 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)) ||
4156 if (res->information_elements && res->len_information_elements) 4215 (res->information_elements && res->len_information_elements &&
4157 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS, 4216 nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
4158 res->len_information_elements, 4217 res->len_information_elements,
4159 res->information_elements); 4218 res->information_elements)) ||
4160 if (res->beacon_ies && res->len_beacon_ies && 4219 (res->beacon_ies && res->len_beacon_ies &&
4161 res->beacon_ies != res->information_elements) 4220 res->beacon_ies != res->information_elements &&
4162 NLA_PUT(msg, NL80211_BSS_BEACON_IES, 4221 nla_put(msg, NL80211_BSS_BEACON_IES,
4163 res->len_beacon_ies, res->beacon_ies); 4222 res->len_beacon_ies, res->beacon_ies)))
4164 if (res->tsf) 4223 goto nla_put_failure;
4165 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf); 4224 if (res->tsf &&
4166 if (res->beacon_interval) 4225 nla_put_u64(msg, NL80211_BSS_TSF, res->tsf))
4167 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval); 4226 goto nla_put_failure;
4168 NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability); 4227 if (res->beacon_interval &&
4169 NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq); 4228 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
4170 NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO, 4229 goto nla_put_failure;
4171 jiffies_to_msecs(jiffies - intbss->ts)); 4230 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
4231 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
4232 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
4233 jiffies_to_msecs(jiffies - intbss->ts)))
4234 goto nla_put_failure;
4172 4235
4173 switch (rdev->wiphy.signal_type) { 4236 switch (rdev->wiphy.signal_type) {
4174 case CFG80211_SIGNAL_TYPE_MBM: 4237 case CFG80211_SIGNAL_TYPE_MBM:
4175 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal); 4238 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
4239 goto nla_put_failure;
4176 break; 4240 break;
4177 case CFG80211_SIGNAL_TYPE_UNSPEC: 4241 case CFG80211_SIGNAL_TYPE_UNSPEC:
4178 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal); 4242 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
4243 goto nla_put_failure;
4179 break; 4244 break;
4180 default: 4245 default:
4181 break; 4246 break;
@@ -4184,14 +4249,16 @@ static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
4184 switch (wdev->iftype) { 4249 switch (wdev->iftype) {
4185 case NL80211_IFTYPE_P2P_CLIENT: 4250 case NL80211_IFTYPE_P2P_CLIENT:
4186 case NL80211_IFTYPE_STATION: 4251 case NL80211_IFTYPE_STATION:
4187 if (intbss == wdev->current_bss) 4252 if (intbss == wdev->current_bss &&
4188 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 4253 nla_put_u32(msg, NL80211_BSS_STATUS,
4189 NL80211_BSS_STATUS_ASSOCIATED); 4254 NL80211_BSS_STATUS_ASSOCIATED))
4255 goto nla_put_failure;
4190 break; 4256 break;
4191 case NL80211_IFTYPE_ADHOC: 4257 case NL80211_IFTYPE_ADHOC:
4192 if (intbss == wdev->current_bss) 4258 if (intbss == wdev->current_bss &&
4193 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 4259 nla_put_u32(msg, NL80211_BSS_STATUS,
4194 NL80211_BSS_STATUS_IBSS_JOINED); 4260 NL80211_BSS_STATUS_IBSS_JOINED))
4261 goto nla_put_failure;
4195 break; 4262 break;
4196 default: 4263 default:
4197 break; 4264 break;
@@ -4260,34 +4327,43 @@ static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
4260 if (!hdr) 4327 if (!hdr)
4261 return -ENOMEM; 4328 return -ENOMEM;
4262 4329
4263 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 4330 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
4331 goto nla_put_failure;
4264 4332
4265 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 4333 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
4266 if (!infoattr) 4334 if (!infoattr)
4267 goto nla_put_failure; 4335 goto nla_put_failure;
4268 4336
4269 NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY, 4337 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
4270 survey->channel->center_freq); 4338 survey->channel->center_freq))
4271 if (survey->filled & SURVEY_INFO_NOISE_DBM) 4339 goto nla_put_failure;
4272 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE, 4340
4273 survey->noise); 4341 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
4274 if (survey->filled & SURVEY_INFO_IN_USE) 4342 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
4275 NLA_PUT_FLAG(msg, NL80211_SURVEY_INFO_IN_USE); 4343 goto nla_put_failure;
4276 if (survey->filled & SURVEY_INFO_CHANNEL_TIME) 4344 if ((survey->filled & SURVEY_INFO_IN_USE) &&
4277 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME, 4345 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
4278 survey->channel_time); 4346 goto nla_put_failure;
4279 if (survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) 4347 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
4280 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY, 4348 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
4281 survey->channel_time_busy); 4349 survey->channel_time))
4282 if (survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) 4350 goto nla_put_failure;
4283 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY, 4351 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
4284 survey->channel_time_ext_busy); 4352 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
4285 if (survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) 4353 survey->channel_time_busy))
4286 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX, 4354 goto nla_put_failure;
4287 survey->channel_time_rx); 4355 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
4288 if (survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) 4356 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
4289 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX, 4357 survey->channel_time_ext_busy))
4290 survey->channel_time_tx); 4358 goto nla_put_failure;
4359 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
4360 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
4361 survey->channel_time_rx))
4362 goto nla_put_failure;
4363 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
4364 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
4365 survey->channel_time_tx))
4366 goto nla_put_failure;
4291 4367
4292 nla_nest_end(msg, infoattr); 4368 nla_nest_end(msg, infoattr);
4293 4369
@@ -4968,7 +5044,7 @@ static int nl80211_testmode_dump(struct sk_buff *skb,
4968 NL80211_CMD_TESTMODE); 5044 NL80211_CMD_TESTMODE);
4969 struct nlattr *tmdata; 5045 struct nlattr *tmdata;
4970 5046
4971 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx) < 0) { 5047 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
4972 genlmsg_cancel(skb, hdr); 5048 genlmsg_cancel(skb, hdr);
4973 break; 5049 break;
4974 } 5050 }
@@ -5019,7 +5095,8 @@ __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
5019 return NULL; 5095 return NULL;
5020 } 5096 }
5021 5097
5022 NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5098 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
5099 goto nla_put_failure;
5023 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5100 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
5024 5101
5025 ((void **)skb->cb)[0] = rdev; 5102 ((void **)skb->cb)[0] = rdev;
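Review bot: The result of `nla_nest_start(skb, NL80211_ATTR_TESTDATA)` at new line 5100 is not checked in the visible lines, although the commit adds a failure check to the put directly above it. If the nest cannot be started, `data` is NULL, and it is presumably kept for later use alongside the `skb->cb` setup that begins here. Adding `if (!data) goto nla_put_failure;` right after the call would treat both calls the same way. The function continues past the end of this hunk, so a check further down cannot be ruled out.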
@@ -5398,7 +5475,8 @@ static int nl80211_remain_on_channel(struct sk_buff *skb,
5398 if (err) 5475 if (err)
5399 goto free_msg; 5476 goto free_msg;
5400 5477
5401 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 5478 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
5479 goto nla_put_failure;
5402 5480
5403 genlmsg_end(msg, hdr); 5481 genlmsg_end(msg, hdr);
5404 5482
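Review bot: The cookie put at new line 5478 runs after the `if (err) goto free_msg;` check, so by this point the requested operation has presumably already been started. A failure here would then return an error without ever delivering the cookie, leaving the caller with a running operation and no handle to cancel or track it. The same pattern is in the nl80211_tx_mgmt hunk (new line 5766) and the nl80211_probe_client hunk (new line 6328). The failure label is outside all three hunks, so what it undoes is not visible. At minimum I would document it at the put: `/* operation already started; the cookie is lost if this put fails */`.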
@@ -5685,7 +5763,8 @@ static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
5685 goto free_msg; 5763 goto free_msg;
5686 5764
5687 if (msg) { 5765 if (msg) {
5688 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 5766 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
5767 goto nla_put_failure;
5689 5768
5690 genlmsg_end(msg, hdr); 5769 genlmsg_end(msg, hdr);
5691 return genlmsg_reply(msg, info); 5770 return genlmsg_reply(msg, info);
@@ -5790,7 +5869,8 @@ static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
5790 else 5869 else
5791 ps_state = NL80211_PS_DISABLED; 5870 ps_state = NL80211_PS_DISABLED;
5792 5871
5793 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state); 5872 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
5873 goto nla_put_failure;
5794 5874
5795 genlmsg_end(msg, hdr); 5875 genlmsg_end(msg, hdr);
5796 return genlmsg_reply(msg, info); 5876 return genlmsg_reply(msg, info);
@@ -5937,20 +6017,21 @@ static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
5937 if (!nl_wowlan) 6017 if (!nl_wowlan)
5938 goto nla_put_failure; 6018 goto nla_put_failure;
5939 6019
5940 if (rdev->wowlan->any) 6020 if ((rdev->wowlan->any &&
5941 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY); 6021 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
5942 if (rdev->wowlan->disconnect) 6022 (rdev->wowlan->disconnect &&
5943 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT); 6023 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
5944 if (rdev->wowlan->magic_pkt) 6024 (rdev->wowlan->magic_pkt &&
5945 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT); 6025 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
5946 if (rdev->wowlan->gtk_rekey_failure) 6026 (rdev->wowlan->gtk_rekey_failure &&
5947 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE); 6027 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
5948 if (rdev->wowlan->eap_identity_req) 6028 (rdev->wowlan->eap_identity_req &&
5949 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST); 6029 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
5950 if (rdev->wowlan->four_way_handshake) 6030 (rdev->wowlan->four_way_handshake &&
5951 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE); 6031 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
5952 if (rdev->wowlan->rfkill_release) 6032 (rdev->wowlan->rfkill_release &&
5953 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE); 6033 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
6034 goto nla_put_failure;
5954 if (rdev->wowlan->n_patterns) { 6035 if (rdev->wowlan->n_patterns) {
5955 struct nlattr *nl_pats, *nl_pat; 6036 struct nlattr *nl_pats, *nl_pat;
5956 int i, pat_len; 6037 int i, pat_len;
@@ -5965,12 +6046,13 @@ static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
5965 if (!nl_pat) 6046 if (!nl_pat)
5966 goto nla_put_failure; 6047 goto nla_put_failure;
5967 pat_len = rdev->wowlan->patterns[i].pattern_len; 6048 pat_len = rdev->wowlan->patterns[i].pattern_len;
5968 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_MASK, 6049 if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK,
5969 DIV_ROUND_UP(pat_len, 8), 6050 DIV_ROUND_UP(pat_len, 8),
5970 rdev->wowlan->patterns[i].mask); 6051 rdev->wowlan->patterns[i].mask) ||
5971 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_PATTERN, 6052 nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
5972 pat_len, 6053 pat_len,
5973 rdev->wowlan->patterns[i].pattern); 6054 rdev->wowlan->patterns[i].pattern))
6055 goto nla_put_failure;
5974 nla_nest_end(msg, nl_pat); 6056 nla_nest_end(msg, nl_pat);
5975 } 6057 }
5976 nla_nest_end(msg, nl_pats); 6058 nla_nest_end(msg, nl_pats);
@@ -6243,7 +6325,8 @@ static int nl80211_probe_client(struct sk_buff *skb,
6243 if (err) 6325 if (err)
6244 goto free_msg; 6326 goto free_msg;
6245 6327
6246 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 6328 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
6329 goto nla_put_failure;
6247 6330
6248 genlmsg_end(msg, hdr); 6331 genlmsg_end(msg, hdr);
6249 6332
@@ -6911,19 +6994,24 @@ static int nl80211_add_scan_req(struct sk_buff *msg,
6911 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 6994 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
6912 if (!nest) 6995 if (!nest)
6913 goto nla_put_failure; 6996 goto nla_put_failure;
6914 for (i = 0; i < req->n_ssids; i++) 6997 for (i = 0; i < req->n_ssids; i++) {
6915 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid); 6998 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
6999 goto nla_put_failure;
7000 }
6916 nla_nest_end(msg, nest); 7001 nla_nest_end(msg, nest);
6917 7002
6918 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 7003 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
6919 if (!nest) 7004 if (!nest)
6920 goto nla_put_failure; 7005 goto nla_put_failure;
6921 for (i = 0; i < req->n_channels; i++) 7006 for (i = 0; i < req->n_channels; i++) {
6922 NLA_PUT_U32(msg, i, req->channels[i]->center_freq); 7007 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
7008 goto nla_put_failure;
7009 }
6923 nla_nest_end(msg, nest); 7010 nla_nest_end(msg, nest);
6924 7011
6925 if (req->ie) 7012 if (req->ie &&
6926 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie); 7013 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
7014 goto nla_put_failure;
6927 7015
6928 return 0; 7016 return 0;
6929 nla_put_failure: 7017 nla_put_failure:
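Review bot: A failed put inside either loop jumps to `nla_put_failure` with the nest from `nla_nest_start()` still open, and no `nla_nest_end()` or cancel is visible on that path. The caller in the next hunk, nl80211_send_scan_msg, carries the comment `/* ignore errors and send incomplete event anyway */`, so such a message would still be sent. The entries already written, whose types are the loop index `i`, would then sit outside a properly closed nest and a receiver could read them as top-level attributes. I would trim the partial nest before bailing out of the loops, e.g. `nla_nest_cancel(msg, nest);` ahead of each `goto nla_put_failure;`. The body after the label is outside this hunk.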
@@ -6942,8 +7030,9 @@ static int nl80211_send_scan_msg(struct sk_buff *msg,
6942 if (!hdr) 7030 if (!hdr)
6943 return -1; 7031 return -1;
6944 7032
6945 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7033 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
6946 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7034 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
7035 goto nla_put_failure;
6947 7036
6948 /* ignore errors and send incomplete event anyway */ 7037 /* ignore errors and send incomplete event anyway */
6949 nl80211_add_scan_req(msg, rdev); 7038 nl80211_add_scan_req(msg, rdev);
@@ -6967,8 +7056,9 @@ nl80211_send_sched_scan_msg(struct sk_buff *msg,
6967 if (!hdr) 7056 if (!hdr)
6968 return -1; 7057 return -1;
6969 7058
6970 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7059 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
6971 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7060 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
7061 goto nla_put_failure;
6972 7062
6973 return genlmsg_end(msg, hdr); 7063 return genlmsg_end(msg, hdr);
6974 7064
@@ -7091,26 +7181,33 @@ void nl80211_send_reg_change_event(struct regulatory_request *request)
7091 } 7181 }
7092 7182
7093 /* Userspace can always count this one always being set */ 7183 /* Userspace can always count this one always being set */
7094 NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator); 7184 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
7095 7185 goto nla_put_failure;
7096 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') 7186
7097 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 7187 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
7098 NL80211_REGDOM_TYPE_WORLD); 7188 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
7099 else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') 7189 NL80211_REGDOM_TYPE_WORLD))
7100 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 7190 goto nla_put_failure;
7101 NL80211_REGDOM_TYPE_CUSTOM_WORLD); 7191 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
7102 else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 7192 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
7103 request->intersect) 7193 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
7104 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 7194 goto nla_put_failure;
7105 NL80211_REGDOM_TYPE_INTERSECTION); 7195 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
7106 else { 7196 request->intersect) {
7107 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 7197 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
7108 NL80211_REGDOM_TYPE_COUNTRY); 7198 NL80211_REGDOM_TYPE_INTERSECTION))
7109 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2); 7199 goto nla_put_failure;
7110 } 7200 } else {
7111 7201 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
7112 if (wiphy_idx_valid(request->wiphy_idx)) 7202 NL80211_REGDOM_TYPE_COUNTRY) ||
7113 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx); 7203 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
7204 request->alpha2))
7205 goto nla_put_failure;
7206 }
7207
7208 if (wiphy_idx_valid(request->wiphy_idx) &&
7209 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
7210 goto nla_put_failure;
7114 7211
7115 genlmsg_end(msg, hdr); 7212 genlmsg_end(msg, hdr);
7116 7213
@@ -7144,9 +7241,10 @@ static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
7144 return; 7241 return;
7145 } 7242 }
7146 7243
7147 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7244 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7148 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7245 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7149 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 7246 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
7247 goto nla_put_failure;
7150 7248
7151 genlmsg_end(msg, hdr); 7249 genlmsg_end(msg, hdr);
7152 7250
@@ -7224,10 +7322,11 @@ static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
7224 return; 7322 return;
7225 } 7323 }
7226 7324
7227 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7325 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7228 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7326 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7229 NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT); 7327 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
7230 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7328 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
7329 goto nla_put_failure;
7231 7330
7232 genlmsg_end(msg, hdr); 7331 genlmsg_end(msg, hdr);
7233 7332
@@ -7275,15 +7374,15 @@ void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
7275 return; 7374 return;
7276 } 7375 }
7277 7376
7278 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7377 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7279 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7378 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7280 if (bssid) 7379 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
7281 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 7380 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
7282 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status); 7381 (req_ie &&
7283 if (req_ie) 7382 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
7284 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 7383 (resp_ie &&
7285 if (resp_ie) 7384 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
7286 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 7385 goto nla_put_failure;
7287 7386
7288 genlmsg_end(msg, hdr); 7387 genlmsg_end(msg, hdr);
7289 7388
@@ -7315,13 +7414,14 @@ void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
7315 return; 7414 return;
7316 } 7415 }
7317 7416
7318 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7417 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7319 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7418 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7320 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 7419 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
7321 if (req_ie) 7420 (req_ie &&
7322 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 7421 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
7323 if (resp_ie) 7422 (resp_ie &&
7324 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 7423 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
7424 goto nla_put_failure;
7325 7425
7326 genlmsg_end(msg, hdr); 7426 genlmsg_end(msg, hdr);
7327 7427
@@ -7352,14 +7452,14 @@ void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
7352 return; 7452 return;
7353 } 7453 }
7354 7454
7355 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7455 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7356 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7456 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7357 if (from_ap && reason) 7457 (from_ap && reason &&
7358 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason); 7458 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
7359 if (from_ap) 7459 (from_ap &&
7360 NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP); 7460 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
7361 if (ie) 7461 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
7362 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie); 7462 goto nla_put_failure;
7363 7463
7364 genlmsg_end(msg, hdr); 7464 genlmsg_end(msg, hdr);
7365 7465
@@ -7390,9 +7490,10 @@ void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
7390 return; 7490 return;
7391 } 7491 }
7392 7492
7393 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7493 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7394 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7494 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7395 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 7495 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
7496 goto nla_put_failure;
7396 7497
7397 genlmsg_end(msg, hdr); 7498 genlmsg_end(msg, hdr);
7398 7499
@@ -7423,11 +7524,12 @@ void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev,
7423 return; 7524 return;
7424 } 7525 }
7425 7526
7426 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7527 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7427 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7528 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7428 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr); 7529 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr) ||
7429 if (ie_len && ie) 7530 (ie_len && ie &&
7430 NLA_PUT(msg, NL80211_ATTR_IE, ie_len , ie); 7531 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
7532 goto nla_put_failure;
7431 7533
7432 genlmsg_end(msg, hdr); 7534 genlmsg_end(msg, hdr);
7433 7535
@@ -7458,15 +7560,14 @@ void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
7458 return; 7560 return;
7459 } 7561 }
7460 7562
7461 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7563 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7462 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7564 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7463 if (addr) 7565 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
7464 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7566 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
7465 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type); 7567 (key_id != -1 &&
7466 if (key_id != -1) 7568 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
7467 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id); 7569 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
7468 if (tsc) 7570 goto nla_put_failure;
7469 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc);
7470 7571
7471 genlmsg_end(msg, hdr); 7572 genlmsg_end(msg, hdr);
7472 7573
@@ -7501,7 +7602,8 @@ void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
7501 * Since we are applying the beacon hint to a wiphy we know its 7602 * Since we are applying the beacon hint to a wiphy we know its
7502 * wiphy_idx is valid 7603 * wiphy_idx is valid
7503 */ 7604 */
7504 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)); 7605 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7606 goto nla_put_failure;
7505 7607
7506 /* Before */ 7608 /* Before */
7507 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 7609 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
@@ -7553,14 +7655,16 @@ static void nl80211_send_remain_on_chan_event(
7553 return; 7655 return;
7554 } 7656 }
7555 7657
7556 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7658 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7557 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7659 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7558 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq); 7660 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
7559 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type); 7661 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type) ||
7560 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 7662 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7663 goto nla_put_failure;
7561 7664
7562 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL) 7665 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
7563 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 7666 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
7667 goto nla_put_failure;
7564 7668
7565 genlmsg_end(msg, hdr); 7669 genlmsg_end(msg, hdr);
7566 7670
@@ -7631,8 +7735,9 @@ void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev,
7631 return; 7735 return;
7632 } 7736 }
7633 7737
7634 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 7738 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7635 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 7739 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
7740 goto nla_put_failure;
7636 7741
7637 genlmsg_end(msg, hdr); 7742 genlmsg_end(msg, hdr);
7638 7743
@@ -7668,9 +7773,10 @@ static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
7668 return true; 7773 return true;
7669 } 7774 }
7670 7775
7671 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7776 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7672 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 7777 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7673 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7778 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
7779 goto nla_put_failure;
7674 7780
7675 err = genlmsg_end(msg, hdr); 7781 err = genlmsg_end(msg, hdr);
7676 if (err < 0) { 7782 if (err < 0) {
@@ -7719,12 +7825,13 @@ int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
7719 return -ENOMEM; 7825 return -ENOMEM;
7720 } 7826 }
7721 7827
7722 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7828 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7723 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7829 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7724 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 7830 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
7725 if (sig_dbm) 7831 (sig_dbm &&
7726 NLA_PUT_U32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm); 7832 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
7727 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 7833 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
7834 goto nla_put_failure;
7728 7835
7729 genlmsg_end(msg, hdr); 7836 genlmsg_end(msg, hdr);
7730 7837
@@ -7754,12 +7861,12 @@ void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev,
7754 return; 7861 return;
7755 } 7862 }
7756 7863
7757 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7864 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7758 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7865 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7759 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 7866 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
7760 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 7867 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
7761 if (ack) 7868 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
7762 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK); 7869 goto nla_put_failure;
7763 7870
7764 genlmsg_end(msg, hdr); 7871 genlmsg_end(msg, hdr);
7765 7872
@@ -7791,15 +7898,17 @@ nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev,
7791 return; 7898 return;
7792 } 7899 }
7793 7900
7794 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7901 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7795 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7902 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
7903 goto nla_put_failure;
7796 7904
7797 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 7905 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
7798 if (!pinfoattr) 7906 if (!pinfoattr)
7799 goto nla_put_failure; 7907 goto nla_put_failure;
7800 7908
7801 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 7909 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
7802 rssi_event); 7910 rssi_event))
7911 goto nla_put_failure;
7803 7912
7804 nla_nest_end(msg, pinfoattr); 7913 nla_nest_end(msg, pinfoattr);
7805 7914
@@ -7832,16 +7941,18 @@ void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
7832 return; 7941 return;
7833 } 7942 }
7834 7943
7835 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7944 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7836 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7945 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7837 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 7946 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
7947 goto nla_put_failure;
7838 7948
7839 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 7949 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
7840 if (!rekey_attr) 7950 if (!rekey_attr)
7841 goto nla_put_failure; 7951 goto nla_put_failure;
7842 7952
7843 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, 7953 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
7844 NL80211_REPLAY_CTR_LEN, replay_ctr); 7954 NL80211_REPLAY_CTR_LEN, replay_ctr))
7955 goto nla_put_failure;
7845 7956
7846 nla_nest_end(msg, rekey_attr); 7957 nla_nest_end(msg, rekey_attr);
7847 7958
@@ -7874,17 +7985,19 @@ void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
7874 return; 7985 return;
7875 } 7986 }
7876 7987
7877 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7988 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7878 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7989 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
7990 goto nla_put_failure;
7879 7991
7880 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 7992 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
7881 if (!attr) 7993 if (!attr)
7882 goto nla_put_failure; 7994 goto nla_put_failure;
7883 7995
7884 NLA_PUT_U32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index); 7996 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
7885 NLA_PUT(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid); 7997 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
7886 if (preauth) 7998 (preauth &&
7887 NLA_PUT_FLAG(msg, NL80211_PMKSA_CANDIDATE_PREAUTH); 7999 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
8000 goto nla_put_failure;
7888 8001
7889 nla_nest_end(msg, attr); 8002 nla_nest_end(msg, attr);
7890 8003
@@ -7918,15 +8031,17 @@ nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev,
7918 return; 8031 return;
7919 } 8032 }
7920 8033
7921 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 8034 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7922 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 8035 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
7923 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer); 8036 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
8037 goto nla_put_failure;
7924 8038
7925 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 8039 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
7926 if (!pinfoattr) 8040 if (!pinfoattr)
7927 goto nla_put_failure; 8041 goto nla_put_failure;
7928 8042
7929 NLA_PUT_U32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets); 8043 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
8044 goto nla_put_failure;
7930 8045
7931 nla_nest_end(msg, pinfoattr); 8046 nla_nest_end(msg, pinfoattr);
7932 8047
@@ -7960,12 +8075,12 @@ void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
7960 return; 8075 return;
7961 } 8076 }
7962 8077
7963 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 8078 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7964 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 8079 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7965 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8080 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
7966 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 8081 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
7967 if (acked) 8082 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
7968 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK); 8083 goto nla_put_failure;
7969 8084
7970 err = genlmsg_end(msg, hdr); 8085 err = genlmsg_end(msg, hdr);
7971 if (err < 0) { 8086 if (err < 0) {
@@ -8005,12 +8120,13 @@ void cfg80211_report_obss_beacon(struct wiphy *wiphy,
8005 return; 8120 return;
8006 } 8121 }
8007 8122
8008 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 8123 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8009 if (freq) 8124 (freq &&
8010 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 8125 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
8011 if (sig_dbm) 8126 (sig_dbm &&
8012 NLA_PUT_U32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm); 8127 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
8013 NLA_PUT(msg, NL80211_ATTR_FRAME, len, frame); 8128 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
8129 goto nla_put_failure;
8014 8130
8015 genlmsg_end(msg, hdr); 8131 genlmsg_end(msg, hdr);
8016 8132
diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c
index 0af7f54e4f61..9f544c95171c 100644
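--- a/net/wireless/wext-core.c
+++ b/net/wireless/wext-core.c
@@ -402,7 +402,8 @@ static struct nlmsghdr *rtnetlink_ifinfo_prep(struct net_device *dev,
 r->ifi_flags = dev_get_flags(dev);
 r->ifi_change = 0; /* Wireless changes don't affect those flags */
 
-NLA_PUT_STRING(skb, IFLA_IFNAME, dev->name);
+if (nla_put_string(skb, IFLA_IFNAME, dev->name))
+goto nla_put_failure;
 
 return nlh;
 nla_put_failure: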