samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: Fix potential NULL dereference in P2P

Browse Source 
1) Check for validity of ps_config before dereferencing.
2) Check for validity of lo_start before dereferencing.
3) Initialize tmp_p2p_ie before using it.

Change-Id: I4cd5bcb025e63d727e5535921a4e4121d618ee36
CRs-Fixed: 2160760
This commit is contained in:
Varun Reddy Yeturu
2018-01-04 16:25:06 -08:00
committed by snandini
parent f2f8dea00b
commit 0b8b57e632
2 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
target_if/p2p/src/target_if_p2p.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2017 The Linux Foundation. All rights reserved.
* Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
@@ -260,9 +260,6 @@ QDF_STATUS target_if_p2p_set_ps(struct wlan_objmgr_psoc *psoc,
QDF_STATUS status;
wmi_unified_t wmi_handle = target_if_get_wmi_handle(psoc);
target_if_debug("psoc:%pK, vdev_id:%d, opp_ps:%d", psoc,
ps_config->vdev_id, ps_config->opp_ps);
if (!wmi_handle) {
target_if_err("Invalid wmi handle");
return QDF_STATUS_E_INVAL;
@@ -273,6 +270,9 @@ QDF_STATUS target_if_p2p_set_ps(struct wlan_objmgr_psoc *psoc,
return QDF_STATUS_E_INVAL;
}
target_if_debug("psoc:%pK, vdev_id:%d, opp_ps:%d", psoc,
ps_config->vdev_id, ps_config->opp_ps);
cmd.opp_ps = ps_config->opp_ps;
cmd.ctwindow = ps_config->ct_window;
cmd.count = ps_config->count;
@@ -301,8 +301,6 @@ QDF_STATUS target_if_p2p_lo_start(struct wlan_objmgr_psoc *psoc,
{
wmi_unified_t wmi_handle = target_if_get_wmi_handle(psoc);
target_if_debug("psoc:%pK, vdev_id:%d", psoc, lo_start->vdev_id);
if (!wmi_handle) {
target_if_err("Invalid wmi handle");
return QDF_STATUS_E_INVAL;
@@ -312,6 +310,7 @@ QDF_STATUS target_if_p2p_lo_start(struct wlan_objmgr_psoc *psoc,
target_if_err("lo start parameters is null");
return QDF_STATUS_E_INVAL;
}
target_if_debug("psoc:%pK, vdev_id:%d", psoc, lo_start->vdev_id);
return wmi_unified_p2p_lo_start_cmd(wmi_handle, lo_start);
}

4
umac/p2p/core/src/wlan_p2p_off_chan_tx.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2017 The Linux Foundation. All rights reserved.
* Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
@@ -142,7 +142,7 @@ static const uint8_t *p2p_get_p2pie_from_probe_rsp(
{
const uint8_t *ie;
const uint8_t *p2p_ie;
const uint8_t *tmp_p2p_ie;
const uint8_t *tmp_p2p_ie = NULL;
uint16_t ie_len;
if (tx_ctx->buf_len <= PROBE_RSP_IE_OFFSET) {