Halaman utama Jelajahi Bantuan
Masuk
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Jelajahi Sumber

qcacmn: Fix NULL pointer dereference in dfs

In target_if_radar_event_handler, target_if_dfs_cac_complete_event_handler
& target_if_dfs_radar_detection_event_handler wmi_handle is derived &
dereferenced with out a NULL check. Add a NULL check for wmi_handle
before it is dereferenced.

Change-Id: I6dde5132a6a2e31a25654bd818a90e1c164a4a74
CRs-Fixed: 2305505
Tushnim Bhattacharyya 6 tahun lalu
induk
898f6ff055
melakukan
680c3e8340
2 mengubah file dengan 28 tambahan dan 5 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 9 1
      target_if/dfs/src/target_if_dfs.c
  2. 19 4
      target_if/dfs/src/target_if_dfs_full_offload.c

+ 9 - 1
target_if/dfs/src/target_if_dfs.c
Tampilan Berkas 

@@ -119,6 +119,7 @@ static int target_if_radar_event_handler(
 
 	struct wlan_objmgr_psoc *psoc;
 
 	struct wlan_objmgr_pdev *pdev;
 
 	struct wlan_lmac_if_dfs_rx_ops *dfs_rx_ops;
 
+	struct wmi_unified *wmi_handle;
 
 
 	if (!scn || !data) {
 
 		target_if_err("scn: %pK, data: %pK", scn, data);
 
@@ -135,8 +136,15 @@ static int target_if_radar_event_handler(
 
 		target_if_err("Invalid dfs_rx_ops: %pK", dfs_rx_ops);
 
 		return -EINVAL;
 
 	}
 
+
 
+	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
 
+	if (!wmi_handle) {
 
+		target_if_err("Invalid WMI context");
 
+		return -EINVAL;
 
+	}
 
+
 
 	if (QDF_IS_STATUS_ERROR(wmi_extract_wlan_radar_event_info(
 
-			GET_WMI_HDL_FROM_PSOC(psoc), data,
 
+			wmi_handle, data,
 
 			&wlan_radar_event, datalen))) {
 
 		target_if_err("failed to extract wlan radar event");
 
 		return -EFAULT;

+ 19 - 4
target_if/dfs/src/target_if_dfs_full_offload.c
Tampilan Berkas 

@@ -46,6 +46,7 @@ static int target_if_dfs_cac_complete_event_handler(
 
 	struct wlan_objmgr_pdev *pdev;
 
 	int ret = 0;
 
 	uint32_t vdev_id = 0;
 
+	struct wmi_unified *wmi_handle;
 
 
 	if (!scn || !data) {
 
 		target_if_err("scn: %pK, data: %pK", scn, data);
 
@@ -64,8 +65,14 @@ static int target_if_dfs_cac_complete_event_handler(
 
 		return -EINVAL;
 
 	}
 
 
-	if (wmi_extract_dfs_cac_complete_event(GET_WMI_HDL_FROM_PSOC(psoc),
 
-			data, &vdev_id, datalen) != QDF_STATUS_SUCCESS) {
 
+	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
 
+	if (!wmi_handle) {
 
+		target_if_err("Invalid WMI handle");
 
+		return -EINVAL;
 
+	}
 
+
 
+	if (wmi_extract_dfs_cac_complete_event(wmi_handle, data, &vdev_id,
 
+					       datalen) != QDF_STATUS_SUCCESS) {
 
 		target_if_err("failed to extract cac complete event");
 
 		return -EFAULT;
 
 	}
 
@@ -109,6 +116,7 @@ static int target_if_dfs_radar_detection_event_handler(
 
 	struct wlan_objmgr_pdev *pdev = NULL;
 
 	struct wlan_lmac_if_dfs_rx_ops *dfs_rx_ops;
 
 	int ret = 0;
 
+	struct wmi_unified *wmi_handle;
 
 
 	if (!scn || !data) {
 
 		target_if_err("scn: %pK, data: %pK", scn, data);
 
@@ -127,8 +135,15 @@ static int target_if_dfs_radar_detection_event_handler(
 
 		return -EINVAL;
 
 	}
 
 
-	if (wmi_extract_dfs_radar_detection_event(GET_WMI_HDL_FROM_PSOC(psoc),
 
-			data, &radar, datalen) != QDF_STATUS_SUCCESS) {
 
+	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
 
+	if (!wmi_handle) {
 
+		target_if_err("Invalid WMI handle");
 
+		return -EINVAL;
 
+	}
 
+
 
+	if (wmi_extract_dfs_radar_detection_event(wmi_handle, data, &radar,
 
+						  datalen)
 
+	    != QDF_STATUS_SUCCESS) {
 
 		target_if_err("failed to extract cac complete event");
 
 		return -EFAULT;
 
 	}