qcacmn: Avoid possible NULL dereference
Avoid possible NULL dereference in function tdls_get_all_peers_from_list. Change-Id: I0d7dce6b8cabf5b8cee4429dbc2d5e64f1f32ce8 CRs-Fixed: 2311960
This commit is contained in:
Bala Venkatesh
@@ -209,7 +209,7 @@ QDF_STATUS tdls_delete_all_tdls_peers(struct wlan_objmgr_vdev *vdev,
|
||||
/**
|
||||
* tdls_set_tdls_offchannel() - set tdls off-channel number
|
||||
* @tdls_soc: tdls soc object
|
||||
* @offchanmode: tdls off-channel number
|
||||
* @offchannel: tdls off-channel number
|
||||
*
|
||||
* This function sets tdls off-channel number
|
||||
*
|
||||
@@ -221,7 +221,7 @@ int tdls_set_tdls_offchannel(struct tdls_soc_priv_obj *tdls_soc,
|
||||
/**
|
||||
* tdls_set_tdls_offchannelmode() - set tdls off-channel mode
|
||||
* @adapter: Pointer to the HDD adapter
|
||||
* @offchannel: tdls off-channel mode
|
||||
* @offchanmode: tdls off-channel mode
|
||||
*
|
||||
* This function sets tdls off-channel mode
|
||||
*
|
||||
|
||||
@@ -254,6 +254,110 @@ QDF_STATUS tdls_vdev_obj_destroy_notification(struct wlan_objmgr_vdev *vdev,
|
||||
return status;
|
||||
}
|
||||
|
||||
/**
|
||||
* __tdls_get_all_peers_from_list() - get all the tdls peers from the list
|
||||
* @get_tdls_peers: get_tdls_peers object
|
||||
*
|
||||
* Return: int
|
||||
*/
|
||||
static int __tdls_get_all_peers_from_list(
|
||||
struct tdls_get_all_peers *get_tdls_peers)
|
||||
{
|
||||
int i;
|
||||
int len, init_len;
|
||||
qdf_list_t *head;
|
||||
qdf_list_node_t *p_node;
|
||||
struct tdls_peer *curr_peer;
|
||||
char *buf;
|
||||
int buf_len;
|
||||
struct tdls_vdev_priv_obj *tdls_vdev;
|
||||
QDF_STATUS status;
|
||||
|
||||
tdls_notice("Enter ");
|
||||
|
||||
buf = get_tdls_peers->buf;
|
||||
buf_len = get_tdls_peers->buf_len;
|
||||
|
||||
if (!tdls_is_vdev_connected(get_tdls_peers->vdev)) {
|
||||
len = qdf_scnprintf(buf, buf_len,
|
||||
"\nSTA is not associated\n");
|
||||
return len;
|
||||
}
|
||||
|
||||
tdls_vdev = wlan_vdev_get_tdls_vdev_obj(get_tdls_peers->vdev);
|
||||
|
||||
if (!tdls_vdev) {
|
||||
len = qdf_scnprintf(buf, buf_len, "TDLS not enabled\n");
|
||||
return len;
|
||||
}
|
||||
|
||||
init_len = buf_len;
|
||||
len = qdf_scnprintf(buf, buf_len,
|
||||
"\n%-18s%-3s%-4s%-3s%-5s\n",
|
||||
"MAC", "Id", "cap", "up", "RSSI");
|
||||
buf += len;
|
||||
buf_len -= len;
|
||||
len = qdf_scnprintf(buf, buf_len,
|
||||
"---------------------------------\n");
|
||||
buf += len;
|
||||
buf_len -= len;
|
||||
|
||||
for (i = 0; i < WLAN_TDLS_PEER_LIST_SIZE; i++) {
|
||||
head = &tdls_vdev->peer_list[i];
|
||||
status = qdf_list_peek_front(head, &p_node);
|
||||
while (QDF_IS_STATUS_SUCCESS(status)) {
|
||||
curr_peer = qdf_container_of(p_node,
|
||||
struct tdls_peer, node);
|
||||
if (buf_len < 32 + 1)
|
||||
break;
|
||||
len = qdf_scnprintf(buf, buf_len,
|
||||
QDF_MAC_ADDR_STR "%3d%4s%3s%5d\n",
|
||||
QDF_MAC_ADDR_ARRAY(curr_peer->peer_mac.bytes),
|
||||
curr_peer->sta_id,
|
||||
(curr_peer->tdls_support ==
|
||||
TDLS_CAP_SUPPORTED) ? "Y" : "N",
|
||||
TDLS_IS_LINK_CONNECTED(curr_peer) ? "Y" :
|
||||
"N", curr_peer->rssi);
|
||||
buf += len;
|
||||
buf_len -= len;
|
||||
status = qdf_list_peek_next(head, p_node, &p_node);
|
||||
}
|
||||
}
|
||||
|
||||
tdls_notice("Exit ");
|
||||
return init_len - buf_len;
|
||||
}
|
||||
|
||||
/**
|
||||
* tdls_get_all_peers_from_list() - get all the tdls peers from the list
|
||||
* @get_tdls_peers: get_tdls_peers object
|
||||
*
|
||||
* Return: None
|
||||
*/
|
||||
static void tdls_get_all_peers_from_list(
|
||||
struct tdls_get_all_peers *get_tdls_peers)
|
||||
{
|
||||
int32_t len;
|
||||
struct tdls_soc_priv_obj *tdls_soc_obj;
|
||||
struct tdls_osif_indication indication;
|
||||
|
||||
if (!get_tdls_peers->vdev) {
|
||||
qdf_mem_free(get_tdls_peers);
|
||||
return;
|
||||
}
|
||||
len = __tdls_get_all_peers_from_list(get_tdls_peers);
|
||||
|
||||
indication.status = len;
|
||||
indication.vdev = get_tdls_peers->vdev;
|
||||
|
||||
tdls_soc_obj = wlan_vdev_get_tdls_soc_obj(get_tdls_peers->vdev);
|
||||
if (tdls_soc_obj && tdls_soc_obj->tdls_event_cb)
|
||||
tdls_soc_obj->tdls_event_cb(tdls_soc_obj->tdls_evt_cb_data,
|
||||
TDLS_EVENT_USER_CMD, &indication);
|
||||
|
||||
qdf_mem_free(get_tdls_peers);
|
||||
}
|
||||
|
||||
QDF_STATUS tdls_process_cmd(struct scheduler_msg *msg)
|
||||
{
|
||||
QDF_STATUS status = QDF_STATUS_SUCCESS;
|
||||
@@ -1004,97 +1108,6 @@ static void tdls_process_reset_adapter(struct wlan_objmgr_vdev *vdev)
|
||||
tdls_timers_stop(tdls_vdev);
|
||||
}
|
||||
|
||||
static int __tdls_get_all_peers_from_list(
|
||||
struct tdls_get_all_peers *get_tdls_peers)
|
||||
{
|
||||
int i;
|
||||
int len, init_len;
|
||||
qdf_list_t *head;
|
||||
qdf_list_node_t *p_node;
|
||||
struct tdls_peer *curr_peer;
|
||||
char *buf;
|
||||
int buf_len;
|
||||
struct tdls_vdev_priv_obj *tdls_vdev;
|
||||
QDF_STATUS status;
|
||||
|
||||
tdls_notice("Enter ");
|
||||
|
||||
buf = get_tdls_peers->buf;
|
||||
buf_len = get_tdls_peers->buf_len;
|
||||
|
||||
if (!tdls_is_vdev_connected(get_tdls_peers->vdev)) {
|
||||
len = qdf_scnprintf(buf, buf_len,
|
||||
"\nSTA is not associated\n");
|
||||
return len;
|
||||
}
|
||||
|
||||
tdls_vdev = wlan_vdev_get_tdls_vdev_obj(get_tdls_peers->vdev);
|
||||
|
||||
if (!tdls_vdev) {
|
||||
len = qdf_scnprintf(buf, buf_len, "TDLS not enabled\n");
|
||||
return len;
|
||||
}
|
||||
|
||||
init_len = buf_len;
|
||||
len = qdf_scnprintf(buf, buf_len,
|
||||
"\n%-18s%-3s%-4s%-3s%-5s\n",
|
||||
"MAC", "Id", "cap", "up", "RSSI");
|
||||
buf += len;
|
||||
buf_len -= len;
|
||||
len = qdf_scnprintf(buf, buf_len,
|
||||
"---------------------------------\n");
|
||||
buf += len;
|
||||
buf_len -= len;
|
||||
|
||||
for (i = 0; i < WLAN_TDLS_PEER_LIST_SIZE; i++) {
|
||||
head = &tdls_vdev->peer_list[i];
|
||||
status = qdf_list_peek_front(head, &p_node);
|
||||
while (QDF_IS_STATUS_SUCCESS(status)) {
|
||||
curr_peer = qdf_container_of(p_node,
|
||||
struct tdls_peer, node);
|
||||
if (buf_len < 32 + 1)
|
||||
break;
|
||||
len = qdf_scnprintf(buf, buf_len,
|
||||
QDF_MAC_ADDR_STR "%3d%4s%3s%5d\n",
|
||||
QDF_MAC_ADDR_ARRAY(curr_peer->peer_mac.bytes),
|
||||
curr_peer->sta_id,
|
||||
(curr_peer->tdls_support ==
|
||||
TDLS_CAP_SUPPORTED) ? "Y" : "N",
|
||||
TDLS_IS_LINK_CONNECTED(curr_peer) ? "Y" :
|
||||
"N", curr_peer->rssi);
|
||||
buf += len;
|
||||
buf_len -= len;
|
||||
status = qdf_list_peek_next(head, p_node, &p_node);
|
||||
}
|
||||
}
|
||||
|
||||
tdls_notice("Exit ");
|
||||
return init_len - buf_len;
|
||||
}
|
||||
|
||||
void tdls_get_all_peers_from_list(
|
||||
struct tdls_get_all_peers *get_tdls_peers)
|
||||
{
|
||||
int32_t len;
|
||||
struct tdls_soc_priv_obj *tdls_soc_obj;
|
||||
struct tdls_osif_indication indication;
|
||||
|
||||
if (!get_tdls_peers->vdev)
|
||||
qdf_mem_free(get_tdls_peers);
|
||||
|
||||
len = __tdls_get_all_peers_from_list(get_tdls_peers);
|
||||
|
||||
indication.status = len;
|
||||
indication.vdev = get_tdls_peers->vdev;
|
||||
|
||||
tdls_soc_obj = wlan_vdev_get_tdls_soc_obj(get_tdls_peers->vdev);
|
||||
if (tdls_soc_obj && tdls_soc_obj->tdls_event_cb)
|
||||
tdls_soc_obj->tdls_event_cb(tdls_soc_obj->tdls_evt_cb_data,
|
||||
TDLS_EVENT_USER_CMD, &indication);
|
||||
|
||||
qdf_mem_free(get_tdls_peers);
|
||||
}
|
||||
|
||||
void tdls_notify_reset_adapter(struct wlan_objmgr_vdev *vdev)
|
||||
{
|
||||
if (!vdev) {
|
||||
|
||||
@@ -573,16 +573,6 @@ QDF_STATUS tdls_notify_sta_connect(struct tdls_sta_notify_params *notify);
|
||||
*/
|
||||
QDF_STATUS tdls_notify_sta_disconnect(struct tdls_sta_notify_params *notify);
|
||||
|
||||
|
||||
/**
|
||||
* tdls_get_all_peers_from_list() - get all the tdls peers from the list
|
||||
* @get_tdls_peers: get_tdls_peers object
|
||||
*
|
||||
* Return: None
|
||||
*/
|
||||
void tdls_get_all_peers_from_list(
|
||||
struct tdls_get_all_peers *get_tdls_peers);
|
||||
|
||||
/**
|
||||
* tdls_notify_reset_adapter() - notify reset adapter
|
||||
* @vdev: vdev object manager
|
||||
|
||||
@@ -1110,7 +1110,9 @@ struct tdls_antenna_switch_request {
|
||||
|
||||
/**
|
||||
* struct tdls_set_offchannel - TDLS set offchannel
|
||||
* @vdev: vdev object
|
||||
* @offchannel: Updated tdls offchannel value.
|
||||
* @callback: callback to release vdev ref.
|
||||
*/
|
||||
struct tdls_set_offchannel {
|
||||
struct wlan_objmgr_vdev *vdev;
|
||||
@@ -1120,7 +1122,9 @@ struct tdls_set_offchannel {
|
||||
|
||||
/**
|
||||
* struct tdls_set_offchan_mode - TDLS set offchannel mode
|
||||
* @vdev: vdev object
|
||||
* @offchan_mode: Updated tdls offchannel mode value.
|
||||
* @callback: callback to release vdev ref.
|
||||
*/
|
||||
struct tdls_set_offchanmode {
|
||||
struct wlan_objmgr_vdev *vdev;
|
||||
@@ -1130,7 +1134,9 @@ struct tdls_set_offchanmode {
|
||||
|
||||
/**
|
||||
* struct tdls_set_offchan_offset - TDLS set offchannel mode
|
||||
* @vdev: vdev object
|
||||
* @offchan_offset: Offchan offset value.
|
||||
* @callback: callback to release vdev ref.
|
||||
*/
|
||||
struct tdls_set_secoffchanneloffset {
|
||||
struct wlan_objmgr_vdev *vdev;
|
||||
|
||||
Reference in New Issue
Block a user