From 50b2c102769aa046542c26c5494b3bd4bbcb2659 Mon Sep 17 00:00:00 2001 From: Rajeev Kumar Sirasanagandla Date: Thu, 18 Jul 2019 19:27:49 +0530 Subject: [PATCH] qcacld-3.0: Fix invalid access in vendor cmd handler While processing vendor command: GET_PREFERRED_FREQ_LIST respective handler __wlan_hdd_cfg80211_get_preferred_freq_list() do not validate pcl_len received from policy_mgr_get_pcl() which can be zero when current regulatory domain is ETSI13 based, gindoor_channel_support=0 and etsi13_srd_chan_in_master_mode=0. If pcl_len is zero then invalid index is computed in wlan_hdd_populate_weigh_pcl() when trying to access chan_weights->weight_list[pcl_len - 1]. To fix this, add zero length check for pcl_len before accessing weight_list[plc_len - 1]. Change-Id: Ie8bf52fe289634efc104ca674d70fcd1beb6c304 CRs-Fixed: 2492630 --- core/hdd/src/wlan_hdd_cfg80211.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/hdd/src/wlan_hdd_cfg80211.c b/core/hdd/src/wlan_hdd_cfg80211.c index c9fa9987aa..2f294b7f3d 100644 --- a/core/hdd/src/wlan_hdd_cfg80211.c +++ b/core/hdd/src/wlan_hdd_cfg80211.c @@ -8434,7 +8434,7 @@ static uint32_t wlan_hdd_populate_weigh_pcl( w_pcl[i].flag = set | PCL_CHANNEL_SUPPORT_CLI; } chan_idx = pcl_len; - if (chan_weights->weight_list[pcl_len - 1] > + if (pcl_len && chan_weights->weight_list[pcl_len - 1] > PCL_GROUPS_WEIGHT_DIFFERENCE) /* Set non-pcl channels weight 20 point less than the last PCL entry */ valid_weight = chan_weights->weight_list[pcl_len - 1] -