首頁 探索 說明
登入
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

qcacld-3.0: Add sanity check for allocated mac address

The mac address as pointer which is allocated by
wlan_hdd_get_intf_addr() may be null, and there is risk
about null pointer dereference without sanity check.

The fix is to add necessary null pointer check.

Change-Id: Ie0c3f841174e78b0d0b35e321ef7ca6b4cfdbe9a
CRs-Fixed: 2673727
Li Feng 5 年之前
父節點
8ed3d20d75
當前提交
83c1ae66b8
共有 2 個文件被更改,包括 23 次插入2 次删除
分割檢視 顯示文件統計
  1. 17 0
      core/hdd/src/wlan_hdd_main.c
  2. 6 2
      core/hdd/src/wlan_hdd_p2p.c

+ 17 - 0
core/hdd/src/wlan_hdd_main.c
查看文件 

@@ -13239,6 +13239,9 @@ static QDF_STATUS hdd_open_ocb_interface(struct hdd_context *hdd_ctx)
 
 	uint8_t *mac_addr;
 
 
 	mac_addr = wlan_hdd_get_intf_addr(hdd_ctx, QDF_OCB_MODE);
 
+	if (!mac_addr)
 
+		return QDF_STATUS_E_INVAL;
 
+
 
 	status = hdd_open_adapter_no_trans(hdd_ctx, QDF_OCB_MODE,
 
 					   "wlanocb%d", mac_addr);
 
 	if (QDF_IS_STATUS_ERROR(status)) {
 
@@ -13260,6 +13263,9 @@ static QDF_STATUS hdd_open_concurrent_interface(struct hdd_context *hdd_ctx)
 
 
 	iface_name = hdd_ctx->config->enable_concurrent_sta;
 
 	mac_addr = wlan_hdd_get_intf_addr(hdd_ctx, QDF_STA_MODE);
 
+	if (!mac_addr)
 
+		return QDF_STATUS_E_INVAL;
 
+
 
 	status = hdd_open_adapter_no_trans(hdd_ctx, QDF_STA_MODE,
 
 					   iface_name, mac_addr);
 
 	if (QDF_IS_STATUS_ERROR(status)) {
 
@@ -13284,6 +13290,9 @@ hdd_open_adapters_for_mission_mode(struct hdd_context *hdd_ctx)
 
 		return hdd_open_ocb_interface(hdd_ctx);
 
 
 	mac_addr = wlan_hdd_get_intf_addr(hdd_ctx, QDF_STA_MODE);
 
+	if (!mac_addr)
 
+		return QDF_STATUS_E_INVAL;
 
+
 
 	status = hdd_open_adapter_no_trans(hdd_ctx, QDF_STA_MODE,
 
 					   "wlan%d", mac_addr);
 
 	if (QDF_IS_STATUS_ERROR(status)) {
 
@@ -13304,6 +13313,9 @@ hdd_open_adapters_for_mission_mode(struct hdd_context *hdd_ctx)
 
 	 */
 
 	if (ucfg_nan_is_vdev_creation_allowed(hdd_ctx->psoc)) {
 
 		mac_addr = wlan_hdd_get_intf_addr(hdd_ctx, QDF_NAN_DISC_MODE);
 
+		if (!mac_addr)
 
+			goto err_close_adapters;
 
+
 
 		status = hdd_open_adapter_no_trans(hdd_ctx, QDF_NAN_DISC_MODE,
 
 						   "wifi-aware%d", mac_addr);
 
 		if (status) {
 
@@ -13332,6 +13344,9 @@ static QDF_STATUS hdd_open_adapters_for_ftm_mode(struct hdd_context *hdd_ctx)
 
 	uint8_t *mac_addr;
 
 
 	mac_addr = wlan_hdd_get_intf_addr(hdd_ctx, QDF_FTM_MODE);
 
+	if (!mac_addr)
 
+		return QDF_STATUS_E_INVAL;
 
+
 
 	status = hdd_open_adapter_no_trans(hdd_ctx, QDF_FTM_MODE,
 
 					   "wlan%d", mac_addr);
 
 
@@ -13350,6 +13365,8 @@ hdd_open_adapters_for_monitor_mode(struct hdd_context *hdd_ctx)
 
 	uint8_t *mac_addr;
 
 
 	mac_addr = wlan_hdd_get_intf_addr(hdd_ctx, QDF_MONITOR_MODE);
 
+	if (!mac_addr)
 
+		return QDF_STATUS_E_INVAL;
 
 
 	status = hdd_open_adapter_no_trans(hdd_ctx, QDF_MONITOR_MODE,
 
 					   "wlan%d", mac_addr);

+ 6 - 2
core/hdd/src/wlan_hdd_p2p.c
查看文件 

@@ -709,8 +709,12 @@ struct wireless_dev *__wlan_hdd_add_virtual_intf(struct wiphy *wiphy,
 
 					   p2p_device_address.bytes,
 
 					   name_assign_type, true);
 
 	} else {
 
-		uint8_t *device_address =
 
-					wlan_hdd_get_intf_addr(hdd_ctx, mode);
 
+		uint8_t *device_address;
 
+
 
+		device_address = wlan_hdd_get_intf_addr(hdd_ctx, mode);
 
+		if (!device_address)
 
+			return ERR_PTR(-EINVAL);
 
+
 
 		adapter = hdd_open_adapter(hdd_ctx, mode, name,
 
 					   device_address,
 
 					   name_assign_type, true);