samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: Add vdev id sanity check in extract_gtk_rsp_event_tlv

Browse Source 
While handling WMI_GTK_OFFLOAD_STATUS_EVENTID, QDF_BUG()
can occur in pmo_tgt_gtk_rsp_evt->pmo_psoc_get_vdev if
vdev_id is out of range. As the value is directly from
WLAN FW and can be outside the trust boundary.

Add sanity check for vdev id once get parameter from
wlan fw.

Change-Id: I335df52fece39c1a51a556ba4678bd43f470673a
CRs-Fixed: 2321523
This commit is contained in:
Jingxiang Ge
2018-09-25 15:12:45 +08:00
committed by nshrivas
parent 800c73704f
commit 7562d7898a
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
wmi_unified_tlv.c
View File

@@ -12540,6 +12540,12 @@ static QDF_STATUS extract_gtk_rsp_event_tlv(wmi_unified_t wmi_handle,
fixed_param = (WMI_GTK_OFFLOAD_STATUS_EVENT_fixed_param *)
param_buf->fixed_param;
if (fixed_param->vdev_id >= WLAN_UMAC_PSOC_MAX_VDEVS) {
wmi_err_rl("Invalid vdev_id %u", fixed_param->vdev_id);
return QDF_STATUS_E_INVAL;
}
gtk_rsp_param->vdev_id = fixed_param->vdev_id;
gtk_rsp_param->status_flag = QDF_STATUS_SUCCESS;
gtk_rsp_param->refresh_cnt = fixed_param->refresh_cnt;