samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Add for NULL pointer check in sme/csr functions

Browse Source 
Check for NULL pointer before accessing pointers in function:
 * csr_roam_join_handle_profile
 * csr_roam_process_results_default
 * csr_roam_process_start_bss_success
 * csr_roam_process_join_res
 * csr_process_nss_update_req
 * csr_is_p2p_session_connected

Change-Id: I9bf83a2641a4523713b9180679648202ea9c9eef
CRs-Fixed: 1034255
This commit is contained in:
Naveen Rawat
2016-06-27 15:31:48 -07:00
committed by Nandini Suresh
parent cf684760d6
commit 7ecf53d0ae
1 changed files with 40 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
core/sme/src/csr/csr_api_roam.c
View File

@@ -5019,15 +5019,22 @@ static void csr_roam_join_handle_profile(tpAniSirGlobal mac_ctx,
uint8_t acm_mask = 0; uint8_t acm_mask = 0;
#endif #endif
QDF_STATUS status; QDF_STATUS status;
tCsrRoamSession *session = CSR_GET_SESSION(mac_ctx, session_id); tCsrRoamSession *session;
tCsrRoamProfile *profile = &cmd->u.roamCmd.roamProfile; tCsrRoamProfile *profile = &cmd->u.roamCmd.roamProfile;
tDot11fBeaconIEs *ies_local = NULL; tDot11fBeaconIEs *ies_local = NULL;
if (!CSR_IS_SESSION_VALID(mac_ctx, session_id)) {
sms_log(mac_ctx, LOGE, FL("Invalid session id %d"), session_id);
return;
}
session = CSR_GET_SESSION(mac_ctx, session_id);
/* /*
* We have something to roam, tell HDD when it is infra. * We have something to roam, tell HDD when it is infra.
* For IBSS, the indication goes back to HDD via eCSR_ROAM_IBSS_IND * For IBSS, the indication goes back to HDD via eCSR_ROAM_IBSS_IND
*/ */
if (CSR_IS_INFRASTRUCTURE(profile)) { if (CSR_IS_INFRASTRUCTURE(profile) && roam_info_ptr) {
if (roam_info_ptr && session->bRefAssocStartCnt) { if (session->bRefAssocStartCnt) {
session->bRefAssocStartCnt--; session->bRefAssocStartCnt--;
roam_info_ptr->pProfile = profile; roam_info_ptr->pProfile = profile;
/* /*
@@ -6052,10 +6059,16 @@ static void csr_roam_process_results_default(tpAniSirGlobal mac_ctx,
tSmeCmd *cmd, void *context, eCsrRoamCompleteResult res) tSmeCmd *cmd, void *context, eCsrRoamCompleteResult res)
{ {
uint32_t session_id = cmd->sessionId; uint32_t session_id = cmd->sessionId;
tCsrRoamSession *session = CSR_GET_SESSION(mac_ctx, session_id); tCsrRoamSession *session;
tCsrRoamInfo roam_info; tCsrRoamInfo roam_info;
QDF_STATUS status; QDF_STATUS status;
if (!CSR_IS_SESSION_VALID(mac_ctx, session_id)) {
sms_log(mac_ctx, LOGE, FL("Invalid session id %d"), session_id);
return;
}
session = CSR_GET_SESSION(mac_ctx, session_id);
sms_log(mac_ctx, LOGW, FL("receives no association indication")); sms_log(mac_ctx, LOGW, FL("receives no association indication"));
sms_log(mac_ctx, LOG1, FL("Assoc ref count %d"), sms_log(mac_ctx, LOG1, FL("Assoc ref count %d"),
session->bRefAssocStartCnt); session->bRefAssocStartCnt);
@@ -6252,7 +6265,7 @@ static void csr_roam_process_start_bss_success(tpAniSirGlobal mac_ctx,
{ {
uint32_t session_id = cmd->sessionId; uint32_t session_id = cmd->sessionId;
tCsrRoamProfile *profile = &cmd->u.roamCmd.roamProfile; tCsrRoamProfile *profile = &cmd->u.roamCmd.roamProfile;
tCsrRoamSession *session = CSR_GET_SESSION(mac_ctx, session_id); tCsrRoamSession *session;
tSirBssDescription *bss_desc = NULL; tSirBssDescription *bss_desc = NULL;
tCsrRoamInfo roam_info; tCsrRoamInfo roam_info;
tSirSmeStartBssRsp *start_bss_rsp = NULL; tSirSmeStartBssRsp *start_bss_rsp = NULL;
@@ -6269,6 +6282,12 @@ static void csr_roam_process_start_bss_success(tpAniSirGlobal mac_ctx,
tCsrRoamHTProfile *dst_profile = NULL; tCsrRoamHTProfile *dst_profile = NULL;
#endif #endif
if (!CSR_IS_SESSION_VALID(mac_ctx, session_id)) {
sms_log(mac_ctx, LOGE, FL("Invalid session id %d"), session_id);
return;
}
session = CSR_GET_SESSION(mac_ctx, session_id);
/* /*
* on the StartBss Response, LIM is returning the Bss Description that * on the StartBss Response, LIM is returning the Bss Description that
* we are beaconing. Add this Bss Description to our scan results and * we are beaconing. Add this Bss Description to our scan results and
@@ -6460,7 +6479,7 @@ static void csr_roam_process_join_res(tpAniSirGlobal mac_ctx,
uint8_t acm_mask = 0; /* HDD needs ACM mask in assoc rsp callback */ uint8_t acm_mask = 0; /* HDD needs ACM mask in assoc rsp callback */
uint32_t session_id = cmd->sessionId; uint32_t session_id = cmd->sessionId;
tCsrRoamProfile *profile = &cmd->u.roamCmd.roamProfile; tCsrRoamProfile *profile = &cmd->u.roamCmd.roamProfile;
tCsrRoamSession *session = CSR_GET_SESSION(mac_ctx, session_id); tCsrRoamSession *session;
tSirBssDescription *bss_desc = NULL; tSirBssDescription *bss_desc = NULL;
tCsrScanResult *scan_res = NULL; tCsrScanResult *scan_res = NULL;
sme_qos_csr_event_indType ind_qos; sme_qos_csr_event_indType ind_qos;
@@ -6475,6 +6494,12 @@ static void csr_roam_process_join_res(tpAniSirGlobal mac_ctx,
tSirSmeJoinRsp *join_rsp = (tSirSmeJoinRsp *) context; tSirSmeJoinRsp *join_rsp = (tSirSmeJoinRsp *) context;
uint32_t len; uint32_t len;
if (!CSR_IS_SESSION_VALID(mac_ctx, session_id)) {
sms_log(mac_ctx, LOGE, FL("Invalid session id %d"), session_id);
return;
}
session = CSR_GET_SESSION(mac_ctx, session_id);
conn_profile = &session->connectedProfile; conn_profile = &session->connectedProfile;
if (eCsrReassocSuccess == res) if (eCsrReassocSuccess == res)
ind_qos = SME_QOS_CSR_REASSOC_COMPLETE; ind_qos = SME_QOS_CSR_REASSOC_COMPLETE;
@@ -18747,20 +18772,20 @@ void csr_process_nss_update_req(tpAniSirGlobal mac, tSmeCmd *command)
QDF_STATUS status; QDF_STATUS status;
tSirMsgQ msg_return; tSirMsgQ msg_return;
struct sir_beacon_tx_complete_rsp *param; struct sir_beacon_tx_complete_rsp *param;
tCsrRoamSession *session;
tCsrRoamSession *session =
CSR_GET_SESSION(mac, command->sessionId);
if (!session) {
sms_log(mac, LOGE, FL("Session not found"));
goto fail;
}
if (!command) { if (!command) {
sms_log(mac, LOGE, FL("nss update param is NULL")); sms_log(mac, LOGE, FL("nss update param is NULL"));
goto fail; return;
} }
if (!CSR_IS_SESSION_VALID(mac, command->sessionId)) {
sms_log(mac, LOGE, FL("Invalid session id %d"),
command->sessionId);
return;
}
session = CSR_GET_SESSION(mac, command->sessionId);
len = sizeof(*msg); len = sizeof(*msg);
msg = qdf_mem_malloc(len); msg = qdf_mem_malloc(len);
if (!msg) { if (!msg) {