Startsida Utforska Hjälp
Logga in
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Bläddra i källkod

qcacld-3.0: Avoid use-after-free in mlo_roam_copy_reassoc_rsp

In mlo_roam_copy_reassoc_rsp(), assoc_rsp is a pointer inside
copied_reassoc_rsp incase of memory allocation for assoc_rsp,
copied_reassoc_rsp is getting freed but in the same error leg
"connect_ies->assoc_rsp.len" is getting set to 0 resulting in
use-after-free

Remove the code in the error handling to avoid use-after-free.

Change-Id: I5a7b3bbef42db4e8bedba0c7c3eaf961e4d7e83a
CRs-Fixed: 3728493
Arun Kumar Khandavalli 1 år sedan
förälder
06aa01c3bc
incheckning
b5d052ed4c
1 ändrade filer med 0 tillägg och 1 borttagningar
Delad Vy Visa Diff Statistik
  1. 0 1
      components/umac/mlme/mlo_mgr/src/wlan_mlo_mgr_roam.c

+ 0 - 1
components/umac/mlme/mlo_mgr/src/wlan_mlo_mgr_roam.c
Visa fil 

@@ -1056,7 +1056,6 @@ mlo_roam_copy_reassoc_rsp(struct wlan_objmgr_vdev *vdev,
 
 		sta_ctx->copied_reassoc_rsp->roaming_info = NULL;
 
 		qdf_mem_free(sta_ctx->copied_reassoc_rsp);
 
 		sta_ctx->copied_reassoc_rsp = NULL;
 
-		connect_ies->assoc_rsp.len = 0;
 
 		return QDF_STATUS_E_NOMEM;
 
 	}