qcacmn: Avoid possible use-after-free in wlan_objmgr_vdev_obj_create

There is use-after-free of vdev object in wlan_objmgr_vdev_obj_create
wherein vdevid is being accessed to log the create failure after the
vdev is freed.

To resolve the issue, Log the error with vdev_id before freeing the
vdev

Change-Id: Ia509f90cd2219f657ecdecbfb26d397daa3beda6
CRs-Fixed: 2559556
This commit is contained in:
Arun Kumar Khandavalli
2019-11-05 14:51:09 +05:30
committed by nshrivas
parent 244eeac730
commit 95b3c1a9a2

View File

@@ -246,9 +246,9 @@ struct wlan_objmgr_vdev *wlan_objmgr_vdev_obj_create(
/* Component object failed to be created, clean up the object */
} else if (obj_status == QDF_STATUS_E_FAILURE) {
/* Clean up the psoc */
wlan_objmgr_vdev_obj_delete(vdev);
obj_mgr_err("VDEV comp objects creation failed for vdev-id:%d",
vdev->vdev_objmgr.vdev_id);
wlan_objmgr_vdev_obj_delete(vdev);
/*
* Set params osifp to NULL as it is freed during vdev obj
* delete, This prevents caller from performing double free.