Răsfoiți Sursa

qcacmn: Check smode value to avoid OOB read

It doesn't check smode before used as array index, the potential risk
is that OOB read or write once get invalid value from target. So, this
change checks smode value before using.

Change-Id: Ibc0625f43e31bc8b49694cca778726c6528290a8
CRs-Fixed: 3034136
Wu Gao 3 ani în urmă
părinte
comite
8e18b21f89
1 a modificat fișierele cu 6 adăugiri și 0 ștergeri
  1. 6 0
      target_if/spectral/target_if_spectral.c

+ 6 - 0
target_if/spectral/target_if_spectral.c

@@ -6491,6 +6491,12 @@ target_if_spectral_fw_param_event_handler(ol_scn_t scn, uint8_t *data_buf,
 		return qdf_status_to_os_return(QDF_STATUS_E_FAILURE);
 	}
 
+	if (event_params.smode >= SPECTRAL_SCAN_MODE_MAX ||
+	    event_params.smode < SPECTRAL_SCAN_MODE_NORMAL) {
+		spectral_err("Invalid smode %d", event_params.smode);
+		return qdf_status_to_os_return(QDF_STATUS_E_FAILURE);
+	}
+
 	pdev = wlan_objmgr_get_pdev_by_id(psoc, event_params.pdev_id,
 					  WLAN_SPECTRAL_ID);
 	if (!pdev) {