
qcacmn: Check smode value to avoid OOB read

It doesn't check smode before it is used as an array index; the potential
risk is an OOB read or write once an invalid value is received from the
target. So, this change checks the smode value before using it.

Change-Id: Ibc0625f43e31bc8b49694cca778726c6528290a8
CRs-Fixed: 3034136
Wu Gao 3 years ago
Parent
Commit
8e18b21f89
1 changed file with 6 additions and 0 deletions

+ 6 - 0
target_if/spectral/target_if_spectral.c

@@ -6491,6 +6491,12 @@ target_if_spectral_fw_param_event_handler(ol_scn_t scn, uint8_t *data_buf,
 		return qdf_status_to_os_return(QDF_STATUS_E_FAILURE);
 	}
 
+	if (event_params.smode >= SPECTRAL_SCAN_MODE_MAX ||
+	    event_params.smode < SPECTRAL_SCAN_MODE_NORMAL) {
+		spectral_err("Invalid smode %d", event_params.smode);
+		return qdf_status_to_os_return(QDF_STATUS_E_FAILURE);
+	}
+
 	pdev = wlan_objmgr_get_pdev_by_id(psoc, event_params.pdev_id,
 					  WLAN_SPECTRAL_ID);
 	if (!pdev) {
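
Review bot: the new bounds check on event_params.smode only protects the later array index if the comparison is made in the same type that index uses, and the type of smode is not visible in this hunk. If smode is an unsigned field, or an enum with an unsigned underlying type, the `event_params.smode < SPECTRAL_SCAN_MODE_NORMAL` half is dead code whenever that constant is 0 and may draw a compiler warning, and `%d` in the spectral_err call would print a large invalid value as a negative number; please confirm the type and use the matching format specifier. Because the value comes from the target, it is also worth considering a rate-limited log here so a misbehaving target cannot flood the log on every event, and a short comment above the check saying that smode is used as an array index further down would document why the handler bails out early.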