From 3e843a398ff45b01a9f6bb2f87cd686ec86e85fe Mon Sep 17 00:00:00 2001
From: Yeshwanth Sriram Guntuka
Date: Tue, 28 Apr 2020 14:39:23 +0530
Subject: [PATCH] qcacld-3.0: Set is_eapol and is_dhcp to false for each skb

On receiving nbuf list in hdd_rx_packet_cbk, is_eapol and is_dhcp flags are set to false only initially. In the loop over all skbs, if any one of these flags is set to true, these flags are not reset for each skb leading to incorrect stat values and possible OOB access to rx_delivered and rx_refused array.

Fix is to set is_eapol and is_dhcp flag to false in the beginning of the nbuf loop.

Change-Id: Iacc7620f26fb0f71dee931c78993a75232e767b0
CRs-Fixed: 2669412
---
 core/hdd/src/wlan_hdd_tx_rx.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/core/hdd/src/wlan_hdd_tx_rx.c b/core/hdd/src/wlan_hdd_tx_rx.c
index 4d2c5aaa29..ef490d5a80 100644
--- a/core/hdd/src/wlan_hdd_tx_rx.c
+++ b/core/hdd/src/wlan_hdd_tx_rx.c
@@ -2103,8 +2103,8 @@ QDF_STATUS hdd_rx_packet_cbk(void *adapter_context,
 bool track_arp = false;
 struct wlan_objmgr_vdev *vdev;
 enum qdf_proto_subtype subtype = QDF_PROTO_INVALID;
- bool is_eapol = false;
- bool is_dhcp = false;
+ bool is_eapol;
+ bool is_dhcp;
 
 /* Sanity check on inputs */
 if (unlikely((!adapter_context) || (!rxBuf))) {
@@ -2136,6 +2136,8 @@ QDF_STATUS hdd_rx_packet_cbk(void *adapter_context,
 skb = next;
 next = skb->next;
 skb->next = NULL;
+ is_eapol = false;
+ is_dhcp = false;
 
 if (qdf_nbuf_is_ipv4_arp_pkt(skb)) {
 if (qdf_nbuf_data_is_arp_rsp(skb) &&
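Review bot: Dropping the initializers on `is_eapol` and `is_dhcp` in the first hunk leaves both flags indeterminate from the declaration until the first loop iteration assigns them. The function body continues outside this hunk, so any read of either flag before or after the nbuf loop would now be a read of an uninitialized bool. Keeping `bool is_eapol = false;` and `bool is_dhcp = false;` at the declaration in addition to the per-skb reset costs nothing. Alternatively, the two flags could be declared inside the loop body so their scope matches their per-skb lifetime.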
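Review bot: `subtype` is not reset alongside the two flags in the second hunk; it is still set only once at its declaration (`enum qdf_proto_subtype subtype = QDF_PROTO_INVALID;` in the first hunk), so it can carry the previous skb's value into the next iteration. The commit message attributes the possible out-of-bounds access on rx_delivered and rx_refused to stale flags. If those arrays are indexed from `subtype` (the indexing code is outside this hunk, so this is inferred), adding `subtype = QDF_PROTO_INVALID;` next to the resets and a range check at the index site would keep the stats update in bounds even if a later change reintroduces a stale flag. A short comment such as `/* per-skb state: must be reset for every nbuf in the list */` above the resets would document why they live inside the loop.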