qcacld-3.0: Add sanity NULL check for assoc_req pointer

When association reject happens, the pointer of
session->parsedAssocReq[sta->assocId] may be NULL in
function populate_dot11f_assoc_rsp_mlo_ie and causes
NULL pointer dereference issue.

To resolve this issue, add a sanity check before using this
pointer.

Change-Id: I9747963a4916119268bfb00f0edfdf5e86ffe07d
CRs-Fixed: 3550655
Paul Zhang 1 year ago
parent
commit
afd5e847f9
1 changed file with 5 additions and 0 deletions

+ 5 - 0
core/mac/src/sys/legacy/src/utils/src/parser_api.c

@@ -9712,6 +9712,9 @@ QDF_STATUS populate_dot11f_assoc_rsp_mlo_ie(struct mac_context *mac_ctx,
 	mlo_ie->num_data = p_ml_ie - mlo_ie->data;
 
 	assoc_req = session->parsedAssocReq[sta->assocId];
+	if (!assoc_req)
+		goto no_partner;
+
 	for (link = 0; link < assoc_req->mlo_info.num_partner_links; link++) {
 		lle_mode = 0;
 		sta_pro = &mlo_ie->sta_profile[num_sta_pro];
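
Review bot: The new `if (!assoc_req)` check guards the pointer but not the index used to fetch it: `session->parsedAssocReq[sta->assocId]` is still read with `sta->assocId` unvalidated in the lines shown here. If the caller guarantees the range, a one-line comment saying so would help. The bail-out is also silent, so consider a debug log before `goto no_partner;` so that an association reject taking this path can be told apart from a request that simply carried zero partner links.
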
@@ -10241,6 +10244,8 @@ QDF_STATUS populate_dot11f_assoc_rsp_mlo_ie(struct mac_context *mac_ctx,
 		lim_mlo_release_vdev_ref(link_session->vdev);
 		num_sta_pro++;
 	}
+
+no_partner:
 	mlo_ie->num_sta_profile = num_sta_pro;
 	mlo_ie->mld_capab_and_op_info.max_simultaneous_link_num = num_sta_pro;
 	return QDF_STATUS_SUCCESS;
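
Review bot: At the `no_partner:` label the early-exit path still runs `mlo_ie->num_sta_profile = num_sta_pro;` and returns `QDF_STATUS_SUCCESS`, so it depends on `num_sta_pro` having been initialized before the jump, which this hunk does not show. Please confirm the declaration initializes it, and that nothing set up before the `goto` is cleaned up only inside the skipped loop (the loop body is where `lim_mlo_release_vdev_ref(link_session->vdev)` is called). It would also be worth a short comment stating that returning success with no STA profiles is the intended result when `assoc_req` is NULL.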