From 3197a206adebd332690a9a5b2813ff896233ed7a Mon Sep 17 00:00:00 2001
From: Surya Prakash Sivaraj
Date: Fri, 29 Mar 2024 10:33:08 +0530
Subject: [PATCH] qcacld-3.0: Remove use-after-free of frame in tx mgmt send
The tx completion handler for the frame frees the buffer. Therefore, usage of frame after tx completion causes undesired effect. Remove the dereference of tx frame buffer contents in lim_tx_mgmt_frame() after the tx completion.
Change-Id: I32211e1bce4f96ba920a2212ef65aa39831666ab
CRs-Fixed: 3772014
---
 core/mac/src/pe/lim/lim_send_management_frames.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/core/mac/src/pe/lim/lim_send_management_frames.c b/core/mac/src/pe/lim/lim_send_management_frames.c
index 4679387fae..c11c3e53b0 100644
--- a/core/mac/src/pe/lim/lim_send_management_frames.c
+++ b/core/mac/src/pe/lim/lim_send_management_frames.c
@@ -7450,8 +7450,7 @@ static void lim_tx_mgmt_frame(struct mac_context *mac_ctx, uint8_t vdev_id,
 MTRACE(qdf_trace(QDF_MODULE_ID_PE, TRACE_CODE_TX_COMPLETE, session_id, qdf_status));
 if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
- pe_err("*** Could not send Auth frame (subType: %d), retCode=%X ***",
- fc->subType, qdf_status);
+ pe_err("Could not send Auth frame, retCode=%X", qdf_status);
 mac_ctx->auth_ack_status = LIM_TX_FAILED;
 auth_ack_status = SENT_FAIL;
 lim_diag_event_report(mac_ctx, WLAN_PE_DIAG_AUTH_ACK_EVENT,
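Review bot: Nothing in the new failure branch records that the frame buffer is off-limits once the send has returned, so a later edit to this `if (!QDF_IS_STATUS_SUCCESS(qdf_status))` block could reintroduce the same use-after-free. `fc` is presumably still declared and assigned earlier in lim_tx_mgmt_frame(), outside this hunk; if it has no other reader, remove it, otherwise add a comment above the status check such as `/* frame is freed by the tx completion handler; do not touch frame or fc from here on */`. If the subtype is still useful in the log, copy `fc->subType` into a local before the send call and print that local instead of dropping the field. The function starts before and runs past the hunk, so any other post-send reads of the frame, including the arguments of the truncated `lim_diag_event_report(` call, could not be checked from here.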