
qcacmn: Add null check for event fields in extract_ndp_ind_tlv

In the function extract_ndp_ind_tlv the data from FW is assigned
to the event. The event fields ndp_cfg, ndp_app_info and ndp_scid
are used as the source in the memcpy without a null check, which can cause
undefined behaviour.

To solve this, add null check for ndp_cfg, ndp_app_info and ndp_scid
before memcpy use.

Change-Id: I4bf592e6977c50518e53ece268c34450d9684304
CRs-Fixed: 2476173
Varuneshwar Petlozu 5 jaren geleden
bovenliggende
commit
21a557f273
1 gewijzigde bestanden met toevoegingen van 21 en 15 verwijderingen
  1. 21 15
      wmi/src/wmi_unified_nan_tlv.c

+ 21 - 15
wmi/src/wmi_unified_nan_tlv.c

@@ -817,24 +817,30 @@ static QDF_STATUS extract_ndp_ind_tlv(wmi_unified_t wmi_handle,
 	WMI_LOGD("ndp_app_info - %d bytes",
 		 fixed_params->ndp_app_info_len);
 
-	rsp->ndp_config.ndp_cfg_len = fixed_params->ndp_cfg_len;
-	rsp->ndp_info.ndp_app_info_len = fixed_params->ndp_app_info_len;
 	rsp->ncs_sk_type = fixed_params->nan_csid;
-	rsp->scid.scid_len = fixed_params->nan_scid_len;
-
-	if (rsp->ndp_config.ndp_cfg_len > NDP_QOS_INFO_LEN)
-		rsp->ndp_config.ndp_cfg_len = NDP_QOS_INFO_LEN;
-	qdf_mem_copy(rsp->ndp_config.ndp_cfg, event->ndp_cfg,
-		     rsp->ndp_config.ndp_cfg_len);
+	if (event->ndp_cfg) {
+		rsp->ndp_config.ndp_cfg_len = fixed_params->ndp_cfg_len;
+		if (rsp->ndp_config.ndp_cfg_len > NDP_QOS_INFO_LEN)
+			rsp->ndp_config.ndp_cfg_len = NDP_QOS_INFO_LEN;
+		qdf_mem_copy(rsp->ndp_config.ndp_cfg, event->ndp_cfg,
+			     rsp->ndp_config.ndp_cfg_len);
+	}
 
-	if (rsp->ndp_info.ndp_app_info_len > NDP_APP_INFO_LEN)
-		rsp->ndp_info.ndp_app_info_len = NDP_APP_INFO_LEN;
-	qdf_mem_copy(rsp->ndp_info.ndp_app_info, event->ndp_app_info,
-		     rsp->ndp_info.ndp_app_info_len);
+	if (event->ndp_app_info) {
+		rsp->ndp_info.ndp_app_info_len = fixed_params->ndp_app_info_len;
+		if (rsp->ndp_info.ndp_app_info_len > NDP_APP_INFO_LEN)
+			rsp->ndp_info.ndp_app_info_len = NDP_APP_INFO_LEN;
+		qdf_mem_copy(rsp->ndp_info.ndp_app_info, event->ndp_app_info,
+			     rsp->ndp_info.ndp_app_info_len);
+	}
 
-	if (rsp->scid.scid_len > NDP_SCID_BUF_LEN)
-		rsp->scid.scid_len = NDP_SCID_BUF_LEN;
-	qdf_mem_copy(rsp->scid.scid, event->ndp_scid, rsp->scid.scid_len);
+	if (event->ndp_scid) {
+		rsp->scid.scid_len = fixed_params->nan_scid_len;
+		if (rsp->scid.scid_len > NDP_SCID_BUF_LEN)
+			rsp->scid.scid_len = NDP_SCID_BUF_LEN;
+		qdf_mem_copy(rsp->scid.scid, event->ndp_scid,
+			     rsp->scid.scid_len);
+	}
 
 	if (event->ndp_transport_ip_param &&
 	    event->num_ndp_transport_ip_param) {
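Review bot: When event->ndp_cfg, event->ndp_app_info or event->ndp_scid is NULL, the matching rsp length field is now never written, whereas the removed lines assigned it from fixed_params unconditionally; unless rsp is zero-initialised before this point (which is outside the hunk), a consumer would see a stale or uninitialised length next to an empty buffer. Initialise each length ahead of its guard, e.g. `rsp->ndp_config.ndp_cfg_len = 0;` before `if (event->ndp_cfg)`, and likewise `rsp->ndp_info.ndp_app_info_len = 0;` and `rsp->scid.scid_len = 0;`. The guards also only confirm that the TLV pointer is present, not that fixed_params->ndp_cfg_len, ndp_app_info_len and nan_scid_len fit within the TLV array the event actually carries; if the event struct exposes a num_* count for these arrays, as it does for ndp_transport_ip_param at the end of the hunk, clamp each length to that count as well so qdf_mem_copy cannot read past the received buffer. extract_ndp_ind_tlv starts before this hunk and continues after it.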