samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Código Issues Pull requests Ações Pacotes Projetos Versões Wiki Atividade

qcacmn: Fix NULL pointer dereference in tdls

Ver código fonte 
In target_if_tdls_update_fw_state, target_if_tdls_set_offchan_mode,
& target_if_tdls_set_uapsd wmi_handle is derived & dereferenced
with out a NULL check. Add a NULL check for wmi_handle before it is
dereferenced.

Change-Id: If741f69773a712cebcd1be889ca09d01eee97fae
CRs-Fixed: 2305520
Esse commit está contido em:
Tushnim Bhattacharyya
2018-08-30 13:26:21 -07:00
commit de nshrivas
pai 80dfdd5a6f
commit a9307520d3
1 arquivos alterados com 22 adições e 4 exclusões
Baixar arquivo de patch Baixar arquivo de diferenças Expandir todos os arquivos Colapsar todos os arquivos

26
target_if/tdls/src/target_if_tdls.c
Ver arquivo

@@ -82,6 +82,13 @@ target_if_tdls_update_fw_state(struct wlan_objmgr_psoc *psoc,
{
QDF_STATUS status;
uint8_t tdls_state;
struct wmi_unified *wmi_handle;
wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
if (!wmi_handle) {
target_if_err("Invalid WMI handle");
return QDF_STATUS_E_FAILURE;
}
if (TDLS_SUPPORT_EXP_TRIG_ONLY == param->tdls_state)
tdls_state = WMI_TDLS_ENABLE_PASSIVE;
@@ -91,7 +98,7 @@ target_if_tdls_update_fw_state(struct wlan_objmgr_psoc *psoc,
else
tdls_state = WMI_TDLS_DISABLE;
status = wmi_unified_update_fw_tdls_state_cmd(GET_WMI_HDL_FROM_PSOC(psoc),
status = wmi_unified_update_fw_tdls_state_cmd(wmi_handle,
param, tdls_state);
target_if_debug("vdev_id %d", param->vdev_id);
@@ -110,8 +117,14 @@ target_if_tdls_set_offchan_mode(struct wlan_objmgr_psoc *psoc,
struct tdls_channel_switch_params *params)
{
QDF_STATUS status;
struct wmi_unified *wmi_handle;
status = wmi_unified_set_tdls_offchan_mode_cmd(GET_WMI_HDL_FROM_PSOC(psoc),
wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
if (!wmi_handle) {
target_if_err("Invalid WMI handle");
return QDF_STATUS_E_FAILURE;
}
status = wmi_unified_set_tdls_offchan_mode_cmd(wmi_handle,
params);
return status;
@@ -122,8 +135,13 @@ target_if_tdls_set_uapsd(struct wlan_objmgr_psoc *psoc,
struct sta_uapsd_trig_params *params)
{
QDF_STATUS ret;
wmi_unified_t wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
struct wmi_unified *wmi_handle;
wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
if (!wmi_handle) {
target_if_err("Invalid WMI handle");
return QDF_STATUS_E_FAILURE;
}
if (!wmi_service_enabled(wmi_handle,
wmi_sta_uapsd_basic_auto_trig) ||
!wmi_service_enabled(wmi_handle,
@@ -132,7 +150,7 @@ target_if_tdls_set_uapsd(struct wlan_objmgr_psoc *psoc,
params->vdevid);
return QDF_STATUS_SUCCESS;
}
ret = wmi_unified_set_sta_uapsd_auto_trig_cmd(GET_WMI_HDL_FROM_PSOC(psoc),
ret = wmi_unified_set_sta_uapsd_auto_trig_cmd(wmi_handle,
params);
if (QDF_IS_STATUS_ERROR(ret))