
qcacld-3.0: Fix NULL pointer dereference in csr_roam_join_next_bss

Add NULL pointer check for "result" after call to csr_roam_select_bss.
This function can return a NULL value for variable "result", which is
later dereferenced in the function csr_roam_join_handle_profile.

Change-Id: I5e1f017de49301a14b899692b888f7694e979bf1
CRs-Fixed: 1027725
Naveen Rawat, 8 years ago
Parent commit a395d25d53
1 changed file with 9 additions and 2 deletions

core/sme/src/csr/csr_api_roam.c (+9 -2)

@@ -5266,8 +5266,15 @@ static eCsrJoinState csr_roam_join_next_bss(tpAniSirGlobal mac_ctx,
 	if (!roam_info_ptr)
 		roam_info_ptr = &roam_info;
 	roam_info_ptr->u.pConnectedProfile = &session->connectedProfile;
-	csr_roam_join_handle_profile(mac_ctx, session_id, cmd, roam_info_ptr,
-		&roam_state, result, scan_result);
+
+	/*
+	 * result will be null if passed pRoamBssEntry is NULL, which
+	 * indicates we are done with all BSSs in list.
+	 */
+	if (result != NULL)
+		csr_roam_join_handle_profile(mac_ctx, session_id, cmd,
+					     roam_info_ptr, &roam_state,
+					     result, scan_result);
 end:
 	if ((eCsrStopRoaming == roam_state) && CSR_IS_INFRASTRUCTURE(profile) &&
 		(session->bRefAssocStartCnt > 0)) {
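
Review bot: on the NULL path of the new `if (result != NULL)` guard, csr_roam_join_handle_profile is skipped entirely, so `roam_state` (which is passed to that function by address) keeps whatever value it had before, and the `end:` block directly below branches on `eCsrStopRoaming == roam_state`. Please confirm that `roam_state` already holds the intended value when the BSS list is exhausted, or set it explicitly in an `else` branch so the stop-roaming handling after `end:` does not depend on an earlier assignment outside this hunk. Two smaller points: the guarded call spans three lines, so braces around it would protect the check against later edits; and the new comment refers to pRoamBssEntry, which is not a name visible in this function's hunk, so naming csr_roam_select_bss as the source of the NULL (as the commit message does) would make the comment easier to follow.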