From 4c2837fe923e41f781b27e528716d31859de2600 Mon Sep 17 00:00:00 2001
From: Jeff Johnson
Date: Thu, 28 Feb 2019 13:42:20 -0800
Subject: [PATCH] qcacld-3.0: Fix NULL memcpy in STA keepalive handler
Change I20cf9f54a7ec920a90575ffd73c51708414d46a0 ("qcacld-3.0: Use the redesigned STA keepalive interface") updated the manner in which STA keepalive parameters are passed to WMI. Unfortunately that change introduced three instances of qdf_mem_copy() where the source pointer may be NULL, so update that logic to test for NULL before performing the copy. In each case the destination buffer will remain zeroed if the source pointer is NULL.
Change-Id: I24aaad82bb73dba37297ac17b21f758da16617b4
CRs-Fixed: 2407449
---
 core/wma/src/wma_mgmt.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/core/wma/src/wma_mgmt.c b/core/wma/src/wma_mgmt.c
index d9a7f167ca..cca42aa136 100644
--- a/core/wma/src/wma_mgmt.c
+++ b/core/wma/src/wma_mgmt.c
@@ -864,7 +864,7 @@ void wma_set_sta_keep_alive(tp_wma_handle wma, uint8_t vdev_id,
 uint8_t *hostv4addr, uint8_t *destv4addr,
 uint8_t *destmac)
 {
- struct sta_keep_alive_params params;
+ struct sta_keep_alive_params params = { 0 };
 WMA_LOGD("%s: Enter", __func__);
@@ -882,9 +882,12 @@ void wma_set_sta_keep_alive(tp_wma_handle wma, uint8_t vdev_id,
 params.vdev_id = vdev_id;
 params.method = method;
 params.timeperiod = timeperiod;
- qdf_mem_copy(params.hostv4addr, hostv4addr, QDF_IPV4_ADDR_SIZE);
- qdf_mem_copy(params.destv4addr, destv4addr, QDF_IPV4_ADDR_SIZE);
- qdf_mem_copy(params.destmac, destmac, QDF_MAC_ADDR_SIZE);
+ if (hostv4addr)
+ qdf_mem_copy(params.hostv4addr, hostv4addr, QDF_IPV4_ADDR_SIZE);
+ if (destv4addr)
+ qdf_mem_copy(params.destv4addr, destv4addr, QDF_IPV4_ADDR_SIZE);
+ if (destmac)
+ qdf_mem_copy(params.destmac, destmac, QDF_MAC_ADDR_SIZE);
 wmi_unified_set_sta_keep_alive_cmd(wma->wmi_handle, ¶ms);
 WMA_LOGD("%s: Exit", __func__);
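Review bot: The three new `if (ptr)` guards in the second hunk make a NULL address a silently accepted input: the keepalive command is still sent with that field all zeroes, whatever `method` was requested. Whether an all-zero IPv4 address or MAC is treated as "unset" depends on wmi_unified_set_sta_keep_alive_cmd(), which is not visible in this diff, so I would either reject the call when the selected method needs an address that is missing, or at least state the contract above the copies, e.g. `/* NULL address pointers are allowed; the field stays zero from the = { 0 } initialiser */`. The guards are only safe because of the `= { 0 }` added in the first hunk, so that comment also keeps a later cleanup from dropping the initialiser. The function body starts and ends outside both hunks, so any earlier validation of these pointers cannot be seen from here.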