Accueil Explorer Aide
Connexion
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

qcacmn: Fix NULL pointer dereference in tdls

In target_if_tdls_update_fw_state, target_if_tdls_set_offchan_mode,
& target_if_tdls_set_uapsd wmi_handle is derived & dereferenced
with out a NULL check. Add a NULL check for wmi_handle before it is
dereferenced.

Change-Id: If741f69773a712cebcd1be889ca09d01eee97fae
CRs-Fixed: 2305520
Tushnim Bhattacharyya il y a 6 ans
Parent
80dfdd5a6f
commit
a9307520d3
1 fichiers modifiés avec 22 ajouts et 4 suppressions
Vue séparée Afficher les stats Diff
  1. 22 4
      target_if/tdls/src/target_if_tdls.c

+ 22 - 4
target_if/tdls/src/target_if_tdls.c
Voir le fichier 

@@ -82,6 +82,13 @@ target_if_tdls_update_fw_state(struct wlan_objmgr_psoc *psoc,
 
 {
 
 	QDF_STATUS status;
 
 	uint8_t tdls_state;
 
+	struct wmi_unified *wmi_handle;
 
+
 
+	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
 
+	if (!wmi_handle) {
 
+		target_if_err("Invalid WMI handle");
 
+		return QDF_STATUS_E_FAILURE;
 
+	}
 
 
 	if (TDLS_SUPPORT_EXP_TRIG_ONLY == param->tdls_state)
 
 		tdls_state = WMI_TDLS_ENABLE_PASSIVE;
 
@@ -91,7 +98,7 @@ target_if_tdls_update_fw_state(struct wlan_objmgr_psoc *psoc,
 
 	else
 
 		tdls_state = WMI_TDLS_DISABLE;
 
 
-	status = wmi_unified_update_fw_tdls_state_cmd(GET_WMI_HDL_FROM_PSOC(psoc),
 
+	status = wmi_unified_update_fw_tdls_state_cmd(wmi_handle,
 
 						      param, tdls_state);
 
 
 	target_if_debug("vdev_id %d", param->vdev_id);
 
@@ -110,8 +117,14 @@ target_if_tdls_set_offchan_mode(struct wlan_objmgr_psoc *psoc,
 
 				struct tdls_channel_switch_params *params)
 
 {
 
 	QDF_STATUS status;
 
+	struct wmi_unified *wmi_handle;
 
 
-	status = wmi_unified_set_tdls_offchan_mode_cmd(GET_WMI_HDL_FROM_PSOC(psoc),
 
+	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
 
+	if (!wmi_handle) {
 
+		target_if_err("Invalid WMI handle");
 
+		return QDF_STATUS_E_FAILURE;
 
+	}
 
+	status = wmi_unified_set_tdls_offchan_mode_cmd(wmi_handle,
 
 						       params);
 
 
 	return status;
 
@@ -122,8 +135,13 @@ target_if_tdls_set_uapsd(struct wlan_objmgr_psoc *psoc,
 
 			 struct sta_uapsd_trig_params *params)
 
 {
 
 	QDF_STATUS ret;
 
-	wmi_unified_t wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
 
+	struct wmi_unified *wmi_handle;
 
 
+	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
 
+	if (!wmi_handle) {
 
+		target_if_err("Invalid WMI handle");
 
+		return QDF_STATUS_E_FAILURE;
 
+	}
 
 	if (!wmi_service_enabled(wmi_handle,
 
 				    wmi_sta_uapsd_basic_auto_trig) ||
 
 	    !wmi_service_enabled(wmi_handle,
 
@@ -132,7 +150,7 @@ target_if_tdls_set_uapsd(struct wlan_objmgr_psoc *psoc,
 
 				params->vdevid);
 
 		return QDF_STATUS_SUCCESS;
 
 	}
 
-	ret = wmi_unified_set_sta_uapsd_auto_trig_cmd(GET_WMI_HDL_FROM_PSOC(psoc),
 
+	ret = wmi_unified_set_sta_uapsd_auto_trig_cmd(wmi_handle,
 
 						      params);
 
 
 	if (QDF_IS_STATUS_ERROR(ret))