samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Fix prevent issues

Browse Source 
This change
1.fixes the use of uninitialized
variable in host driver.

2.Adds validation in extract_roam_sync_frame_event_tlv
Where these frame lengths are getting populated,
also at the place where subtraction happens to prevent
overflows

3.Adds NULL check in wma_handle_roam_reason_deauth, to avoid
the null pointer dereference.

Change-Id: I2d5ba61fb109f6d8b497df29cfa2dd572c00adeb
CRs-Fixed: 3297792
This commit is contained in:
Asutosh Mohapatra
2022-09-22 16:32:19 +05:30
committed by Madan Koyyalamudi
parent 5b89d077de
commit d64cb46a9c
7 changed files with 43 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
components/wmi/src/wmi_unified_roam_tlv.c
View File

@@ -2649,7 +2649,10 @@ extract_roam_sync_frame_event_tlv(wmi_unified_t wmi_handle, void *event,
synch_frame_event->reassoc_req_len >
param_buf->num_reassoc_req_frame ||
synch_frame_event->reassoc_rsp_len >
param_buf->num_reassoc_rsp_frame) {
param_buf->num_reassoc_rsp_frame ||
synch_frame_event->bcn_probe_rsp_len < sizeof(struct wlan_frame_hdr) ||
synch_frame_event->reassoc_req_len < sizeof(struct wlan_frame_hdr) ||
synch_frame_event->reassoc_rsp_len < sizeof(struct wlan_frame_hdr)) {
wmi_err("fixed/actual len err: bcn:%d/%d req:%d/%d rsp:%d/%d",
synch_frame_event->bcn_probe_rsp_len,
param_buf->num_bcn_probe_rsp_frame,