qcacmn: Handle use-after-free scenario while stopping soft AP

Currently, driver sets BSS peer and self peer to NULL only in case of PEER AP/GO. It nither set BSS peer nor self peer to NULL for GO/AP while de-attaching peers. This results in bss peer use after free issue while stopping soft AP. In order to fix this issue, the driver should set bss peer and self peer to NULL for GO/AP as well. Fix is to set bss peer and self peer to NULL for both PEER and AP cases. Change-Id: I055573c062c5a4e71fef2a699131e10fb6d97d71 CRs-Fixed: 2488371
2019-07-12 15:00:24 +05:30
parent db49e9de26
commit 8b51c23a16
1 changed files with 19 additions and 22 deletions
--- a/umac/cmn_services/obj_mgr/src/wlan_objmgr_vdev_obj.c
+++ b/umac/cmn_services/obj_mgr/src/wlan_objmgr_vdev_obj.c
@@ -823,8 +823,6 @@ QDF_STATUS wlan_objmgr_vdev_peer_detach(struct wlan_objmgr_vdev *vdev,
 		return QDF_STATUS_E_FAILURE;
 	}

-	if ((wlan_peer_get_peer_type(peer) == WLAN_PEER_AP) ||
-	    (wlan_peer_get_peer_type(peer) == WLAN_PEER_P2P_GO)) {
 	if (wlan_vdev_get_selfpeer(vdev) == peer) {
 		/*
 		 * There might be instances where new node is created
@@ -846,7 +844,6 @@ QDF_STATUS wlan_objmgr_vdev_peer_detach(struct wlan_objmgr_vdev *vdev,
 		 */
 		wlan_vdev_set_bsspeer(vdev, NULL);
 	}
-	}

 	/* remove peer from vdev's peer list */
 	if (wlan_obj_vdev_peerlist_remove_peer(&objmgr->wlan_peer_list, peer)