qcacld-3.0: Check pointer pLimJoinReq before access

When reassociating to an AP, pLimJoinReq will be NULL and there is no NULL
check before access, which causes the DUT to crash. Verify the pointer before
accessing it, and set SMPS for both join and reassoc cases.

Change-Id: Ifbaf8d52c4be1a2a31506e4ab49e6d5b68596645
CRs-Fixed: 2062392
Wu Gao
2017-06-19 19:18:34 +08:00
committed by snandini
vanhempi 2a0d9a51d1
commit 2968fc953f
2 muutettua tiedostoa jossa 23 lisäystä ja 6 poistoa


@@ -266,10 +266,6 @@ void lim_process_mlm_reassoc_cnf(tpAniSirGlobal mac_ctx, uint32_t *msg_buf)
GET_LIM_SYSTEM_ROLE(session), session->limSmeState);
return;
}
if (session->pLimReAssocReq) {
qdf_mem_free(session->pLimReAssocReq);
session->pLimReAssocReq = NULL;
}
/*
* Upon Reassoc success or failure, freeup the cached preauth request,
@@ -340,6 +336,11 @@ void lim_process_mlm_reassoc_cnf(tpAniSirGlobal mac_ctx, uint32_t *msg_buf)
lim_mlm_reassoc_cnf->protStatusCode,
session);
}
if (session->pLimReAssocReq) {
qdf_mem_free(session->pLimReAssocReq);
session->pLimReAssocReq = NULL;
}
}
/**
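Review bot: With the free of `session->pLimReAssocReq` moved from around line 266 to the end of lim_process_mlm_reassoc_cnf, any return path between the two locations now leaves the request allocated and the pointer set. The middle of the function lies outside both hunks, so whether such a path exists cannot be confirmed from here. It matters because the other file in this commit selects pLimReAssocReq over pLimJoinReq whenever it is non-NULL, so a stale pointer would be picked up on a later join. A comment above the moved block would record the ordering constraint, for example `/* freed last: the response path above presumably still reads pLimReAssocReq */`.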


@@ -268,6 +268,7 @@ static void lim_handle_join_rsp_status(tpAniSirGlobal mac_ctx,
uint16_t bss_ie_len;
void *bss_ies;
bool is_vendor_ap_1_present;
tpSirSmeJoinReq join_reassoc_req = NULL;
#ifdef FEATURE_WLAN_MCC_TO_SCC_SWITCH
tSirSmeHTProfile *ht_profile;
@@ -365,9 +366,24 @@ static void lim_handle_join_rsp_status(tpAniSirGlobal mac_ctx,
ht_profile->apChanWidth = session_entry->ch_width;
}
#endif
pe_debug("pLimJoinReq:%p, pLimReAssocReq:%p",
session_entry->pLimJoinReq,
session_entry->pLimReAssocReq);
if (session_entry->pLimJoinReq)
join_reassoc_req = session_entry->pLimJoinReq;
if (session_entry->pLimReAssocReq)
join_reassoc_req = session_entry->pLimReAssocReq;
if (!join_reassoc_req) {
pe_err("both pLimJoinReq and pLimReAssocReq NULL");
return;
}
bss_ie_len = lim_get_ielen_from_bss_description(
&session_entry->pLimJoinReq->bssDescription);
bss_ies = &session_entry->pLimJoinReq->bssDescription.ieFields;
&join_reassoc_req->bssDescription);
bss_ies = &join_reassoc_req->bssDescription.ieFields;
is_vendor_ap_1_present = (cfg_get_vendor_ie_ptr_from_oui(mac_ctx,
SIR_MAC_VENDOR_AP_1_OUI, SIR_MAC_VENDOR_AP_1_OUI_LEN,
bss_ies, bss_ie_len) != NULL);
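Review bot: The added `pe_debug` call in the second hunk formats both request pointers with `%p`, which writes raw kernel heap addresses to the driver log on kernels that do not hash `%p`. Assuming pe_debug ends up in the kernel's printf implementation, `pe_debug("pLimJoinReq:%pK, pLimReAssocReq:%pK",` keeps the diagnostic without exposing addresses, as would logging only whether each pointer is set. When both pointers are non-NULL the second `if` silently wins, so a comment such as `/* a pending reassoc request takes precedence over a cached join request */` would make that choice explicit. The new `return` on the both-NULL path skips the rest of lim_handle_join_rsp_status, whose body continues outside the hunk, so it is worth confirming that the caller still receives a fully populated response in that case.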