If tx capture, sniffer are not enabled, mgmt nbuf is freed. It is causing use-after-free in bpr enabled case Added change to free only when bpr is disabled CRs-Fixed: 2662214 Change-Id: I0d889f371cf47047200f70563b589fac99733c49
@@ -419,8 +419,8 @@ void dp_deliver_mgmt_frm(struct dp_pdev *pdev, qdf_nbuf_t nbuf)
ptr_mgmt_hdr->ppdu_id, wh->i_fc[1], wh->i_fc[0],
wh->i_dur[1], wh->i_dur[0]);
} else {
- qdf_nbuf_free(nbuf);
- return;
+ if (!pdev->bpr_enable)
+ qdf_nbuf_free(nbuf);
}
Srinivas Pitla