samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Çatalla 0
Kod Konular Değişiklik İstekleri İşlemler Paketler Projeler Sürüm Wiki Aktivite

qcacld-3.0: Add checks for the assoc req/res lengths

Kaynağa Gözat 
In some case assos req/res length can be less than their respective
fixed fields due to which they get assigned to negative value
but as they are unsigned variable these req/res lengths gets convert
to large positive values. So during page memory allocation for these
lengths, page memory allocation failure happens.

To address the above issue add checks for both assoc req/res lenghts
before calculating the value for them.

Change-Id: Iff404e72420b27bc2a467a25fe530f135ee97c91
CRs-Fixed: 2903644
Bu işleme şunda yer alıyor:
Abdul Muqtadeer Ahmed
2021-04-07 21:47:27 +05:30
işlemeyi yapan: snandini
ebeveyn 9908dd8386
işleme 5e3c6e4da0
1 değiştirilmiş dosya ile 12 ekleme ve 4 silme
Yama Dosyasını İndir Diff Dosyasını İndir Tüm dosyaları genişlet Tüm dosyaları daralt

16
core/hdd/src/wlan_hdd_assoc.c
Dosyayı Görüntüle

@@ -2831,7 +2831,9 @@ hdd_association_completion_handler(struct hdd_adapter *adapter,
(u8 *) (roam_info->pbFrames +
roam_info->nBeaconLength +
roam_info->nAssocReqLength);
if (assoc_rsp) {
if (assoc_rsp &&
roam_info->nAssocRspLength >
ASSOC_RSP_IES_OFFSET) {
/*
* assoc_rsp needs to point to the IEs
*/
@@ -2850,7 +2852,9 @@ hdd_association_completion_handler(struct hdd_adapter *adapter,
assoc_req = (u8 *) (roam_info->pbFrames +
roam_info->nBeaconLength);
if (assoc_req) {
if (!ft_carrier_on) {
if (!ft_carrier_on &&
roam_info->nAssocReqLength >
ASSOC_REQ_IES_OFFSET) {
/*
* assoc_req needs to point to
* the IEs
@@ -3169,7 +3173,9 @@ hdd_association_completion_handler(struct hdd_adapter *adapter,
/* Association Request */
assoc_req = (u8 *)(roam_info->pbFrames +
roam_info->nBeaconLength);
if (assoc_req) {
if (assoc_req &&
roam_info->nAssocReqLength >
ASSOC_REQ_IES_OFFSET) {
/*
* assoc_req needs to point to
* the IEs
@@ -3188,7 +3194,9 @@ hdd_association_completion_handler(struct hdd_adapter *adapter,
(u8 *)(roam_info->pbFrames +
roam_info->nBeaconLength +
roam_info->nAssocReqLength);
if (assoc_rsp) {
if (assoc_rsp &&
roam_info->nAssocRspLength >
ASSOC_RSP_IES_OFFSET) {
/*
* assoc_rsp needs to point to
* the IEs