samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Add sanity check for vdev id to prevent OOB access

Browse Source 
Add sanity check for vdev id in wma_roam_event_callback() to prevent
out of bound access of memory in wma_roam_better_ap_handler().

Change-Id: If3cf06a8eca767201fdd8b056bee6d773938a2a6
CRs-Fixed: 2119400
This commit is contained in:
Himanshu Agarwal
2017-10-04 14:15:04 +05:30
committed by snandini
parent 31c6047d1e
commit 847dd5d509
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
core/wma/src/wma_scan_roam.c
View File

@@ -5544,6 +5544,11 @@ int wma_roam_event_callback(WMA_HANDLE handle, uint8_t *event_buf,
__func__, wmi_event->reason, wmi_event->notif,
wmi_event->vdev_id, wmi_event->rssi);
if (wmi_event->vdev_id >= wma_handle->max_bssid) {
WMA_LOGE("Invalid vdev id from firmware");
return -EINVAL;
}
DPTRACE(qdf_dp_trace_record_event(QDF_DP_TRACE_EVENT_RECORD,
wmi_event->vdev_id, QDF_TRACE_DEFAULT_PDEV_ID,
QDF_PROTO_TYPE_EVENT, QDF_ROAM_EVENTID));