samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: Fix memory leak and NULL access in scm_add_rnr_channel_db

Browse Source 
In scm_add_rnr_channel_db, if pointer channel is NULL, it should return.
Allocate rnr_node buffer whenever it is used, otherwise memory leak
happens if the BSS channel is not 6Ghz.

Change-Id: Iecba2453c2e9cdf9301826e0e11f740190616110
CRs-Fixed: 2601014
This commit is contained in:
bings
2020-01-09 18:36:31 +08:00
committed by nshrivas
parent 3020842b6d
commit ae8afdf042
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
umac/scan/core/src/wlan_scan_cache_db.c
View File

@@ -87,7 +87,7 @@ static void scm_add_rnr_channel_db(struct scan_cache_entry *entry)
scm_debug("scan entry channel freq %d", chan_freq);
if (is_6g_bss) {
channel = scm_get_chan_meta(chan_freq);
if (channel) {
if (!channel) {
scm_debug("Failed to get chan Meta freq %d", chan_freq);
return;
}
@@ -107,9 +107,6 @@ static void scm_add_rnr_channel_db(struct scan_cache_entry *entry)
/* Skip if entry is not valid */
if (!rnr_bss->channel_number)
continue;
rnr_node = qdf_mem_malloc(sizeof(struct scan_rnr_node));
if (!rnr_node)
return;
chan_freq = wlan_reg_chan_opclass_to_freq(rnr_bss->channel_number,
rnr_bss->operating_class,
false);
@@ -119,13 +116,16 @@ static void scm_add_rnr_channel_db(struct scan_cache_entry *entry)
channel = scm_get_chan_meta(chan_freq);
if (!channel) {
scm_debug("Failed to get chan Meta freq %d", chan_freq);
qdf_mem_free(rnr_node);
return;
}
channel->bss_beacon_probe_count++;
/* Don't add RNR entry if list is full */
if (qdf_list_size(&channel->rnr_list) >= WLAN_MAX_RNR_COUNT)
continue;
rnr_node = qdf_mem_malloc(sizeof(struct scan_rnr_node));
if (!rnr_node)
return;
rnr_node->entry.timestamp = entry->scan_entry_time;
if (!qdf_is_macaddr_zero(&rnr_bss->bssid))
qdf_mem_copy(&rnr_node->entry.bssid,