
qcacld-3.0: memset reject_ap_info properly before usage

Currently, reject_ap_info is used at many places and memset is
not done before filling it. memset the buffer to avoid reading
garbage values.
Also, modify the current initialization of ap_info in
cm_add_bssid_to_reject_list to memset.

Change-Id: Ic0fabc1733c4ea63dccb2e45b2a2dc37791e594d
CRs-Fixed: 3040299
Srinivas Dasari 3 rokov pred
rodič
commit
2640226147

+ 1 - 0
components/blacklist_mgr/core/src/wlan_blm_core.c

@@ -1199,6 +1199,7 @@ blm_add_userspace_black_list(struct wlan_objmgr_pdev *pdev,
 	}
 
 	for (i = 0; i < num_of_bssid; i++) {
+		qdf_mem_zero(&ap_info, sizeof(struct reject_ap_info));
 		ap_info.bssid = bssid_black_list[i];
 		ap_info.reject_ap_type = USERSPACE_BLACKLIST_TYPE;
 		ap_info.source = ADDED_BY_DRIVER;
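Review bot: The size passed to the new `qdf_mem_zero()` call is spelled as the type, `sizeof(struct reject_ap_info)`, rather than taken from the object being cleared. `qdf_mem_zero(&ap_info, sizeof(ap_info));` stays correct if the declaration of `ap_info` ever changes, and it fits on one line in the deeper-nested call sites. The same spelling appears in every other hunk of this commit (wlan_cm_roam_fw_sync.c, wlan_cm_roam_api.c, wlan_hdd_cfg80211.c, wlan_hdd_dcs.c, wlan_hdd_nud_tracking.c, lim_link_monitoring_algo.c, lim_utils.c). The declaration of `ap_info` and the rest of the loop body are outside this hunk.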

+ 2 - 0
components/umac/mlme/connection_mgr/core/src/wlan_cm_roam_fw_sync.c

@@ -141,6 +141,7 @@ cm_fw_roam_sync_start_ind(struct wlan_objmgr_vdev *vdev,
 	if (IS_ROAM_REASON_STA_KICKOUT(roam_reason)) {
 		struct reject_ap_info ap_info;
 
+		qdf_mem_zero(&ap_info, sizeof(struct reject_ap_info));
 		ap_info.bssid = connected_bssid;
 		ap_info.reject_ap_type = DRIVER_AVOID_TYPE;
 		ap_info.reject_reason = REASON_STA_KICKOUT;
@@ -1068,6 +1069,7 @@ static QDF_STATUS cm_handle_ho_fail(struct scheduler_msg *msg)
 	cm_sm_deliver_event(vdev, WLAN_CM_SM_EV_ROAM_HO_FAIL,
 			    sizeof(wlan_cm_id), &cm_id);
 
+	qdf_mem_zero(&ap_info, sizeof(struct reject_ap_info));
 	ap_info.bssid = ind->bssid;
 	ap_info.reject_ap_type = DRIVER_AVOID_TYPE;
 	ap_info.reject_reason = REASON_ROAM_HO_FAILURE;

+ 3 - 1
components/umac/mlme/connection_mgr/dispatcher/src/wlan_cm_roam_api.c

@@ -2445,7 +2445,9 @@ static void
 cm_add_bssid_to_reject_list(struct wlan_objmgr_pdev *pdev,
 			    struct sir_rssi_disallow_lst *entry)
 {
-	struct reject_ap_info ap_info = {0};
+	struct reject_ap_info ap_info;
+
+	qdf_mem_zero(&ap_info, sizeof(struct reject_ap_info));
 
 	ap_info.bssid = entry->bssid;
 	ap_info.reject_ap_type = DRIVER_RSSI_REJECT_TYPE;
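Review bot: Replacing `struct reject_ap_info ap_info = {0};` with a separate `qdf_mem_zero()` call in cm_add_bssid_to_reject_list is not explained in the code, and a later cleanup could easily turn it back into an initializer. `= {0}` already zero-initialises every named member, so the visible differences are padding bytes and consistency with the other call sites. If padding is the reason (for example because the struct is copied or compared as raw bytes by the consumer, which is not visible here), a short comment such as `/* clear the whole object, padding included, before it is handed to the reject list */` above the call would record that. The rest of the function body is outside the hunk.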

+ 2 - 0
core/hdd/src/wlan_hdd_cfg80211.c

@@ -4561,6 +4561,8 @@ static int hdd_set_blacklist_bssid(struct hdd_context *hdd_ctx,
 			if (tb2[PARAM_SET_BSSID_HINT]) {
 				struct reject_ap_info ap_info;
 
+				qdf_mem_zero(&ap_info,
+					     sizeof(struct reject_ap_info));
 				nla_memcpy(ap_info.bssid.bytes,
 					   tb2[PARAM_SET_BSSID],
 					   QDF_MAC_ADDR_SIZE);
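Review bot: The zeroing changes what a short `PARAM_SET_BSSID` attribute produces rather than rejecting it. `nla_memcpy()` copies at most the attribute's payload length, so a payload shorter than `QDF_MAC_ADDR_SIZE` now yields a zero-padded BSSID instead of stack garbage, and that is still not an address that should reach the reject list. The only check visible in the hunk is on `tb2[PARAM_SET_BSSID_HINT]`; whether `tb2[PARAM_SET_BSSID]` is checked for presence and exact length (by the nla policy or an explicit `nla_len()` test) is outside the hunk and should be confirmed. If it is not, a guard before the copy such as `if (!tb2[PARAM_SET_BSSID] || nla_len(tb2[PARAM_SET_BSSID]) != QDF_MAC_ADDR_SIZE)` with an error return would close the gap. hdd_set_blacklist_bssid continues on both sides of the hunk.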

+ 1 - 0
core/hdd/src/wlan_hdd_dcs.c

@@ -45,6 +45,7 @@ hdd_dcs_add_bssid_to_reject_list(struct wlan_objmgr_pdev *pdev,
 {
 	struct reject_ap_info ap_info;
 
+	qdf_mem_zero(&ap_info, sizeof(struct reject_ap_info));
 	qdf_copy_macaddr(&ap_info.bssid, bssid);
 	/* set retry_delay to reject new connect requests */
 	ap_info.rssi_reject_params.retry_delay =

+ 1 - 0
core/hdd/src/wlan_hdd_nud_tracking.c

@@ -245,6 +245,7 @@ hdd_handle_nud_fail_sta(struct hdd_context *hdd_ctx,
 	hdd_debug("nud fail detected, try roaming to better BSSID, vdev id: %d",
 		  adapter->vdev_id);
 
+	qdf_mem_zero(&ap_info, sizeof(struct reject_ap_info));
 	ap_info.bssid = sta_ctx->conn_info.bssid;
 	ap_info.reject_ap_type = DRIVER_AVOID_TYPE;
 	ap_info.reject_reason = REASON_NUD_FAILURE;

+ 1 - 0
core/mac/src/pe/lim/lim_link_monitoring_algo.c

@@ -238,6 +238,7 @@ void lim_delete_sta_context(struct mac_context *mac_ctx,
 						   session_entry->peSessionId,
 						   reason_code,
 						   eLIM_LINK_MONITORING_DEAUTH);
+			qdf_mem_zero(&ap_info, sizeof(struct reject_ap_info));
 			qdf_mem_copy(&ap_info.bssid, msg->addr2,
 				     QDF_MAC_ADDR_SIZE);
 			ap_info.reject_ap_type = DRIVER_AVOID_TYPE;

+ 1 - 0
core/mac/src/pe/lim/lim_utils.c

@@ -8464,6 +8464,7 @@ lim_add_bssid_to_reject_list(struct wlan_objmgr_pdev *pdev,
 {
 	struct reject_ap_info ap_info;
 
+	qdf_mem_zero(&ap_info, sizeof(struct reject_ap_info));
 	ap_info.bssid = entry->bssid;
 	ap_info.reject_ap_type = DRIVER_RSSI_REJECT_TYPE;
 	ap_info.rssi_reject_params.expected_rssi = entry->expected_rssi;