qcacld-3.0: Sanitize SAP context before extracting the handle
Ensure that the SAP context is sanitized before extracting the global handle. The context passed in the callback could be freed by the time it is accessed. Change-Id: I4a08717abce2a0ecbe4055360fd8d31c3e50a701 CRs-Fixed: 1031855
This commit is contained in:
Manishekar Chandrasekaran
committad av
Vishwajith Upendra
Vishwajith Upendra
förälder
f7a1dad7e0
incheckning
d79c4e6cfa
@@ -808,25 +808,26 @@ wlansap_roam_callback(void *ctx, tCsrRoamInfo *csr_roam_info, uint32_t roamId,
|
||||
eRoamCmdStatus roam_status, eCsrRoamResult roam_result)
|
||||
{
|
||||
/* sap_ctx value */
|
||||
ptSapContext sap_ctx = (ptSapContext) ctx;
|
||||
ptSapContext sap_ctx;
|
||||
/* State machine event */
|
||||
tWLAN_SAPEvent sap_event;
|
||||
QDF_STATUS qdf_status = QDF_STATUS_SUCCESS;
|
||||
QDF_STATUS qdf_ret_status = QDF_STATUS_SUCCESS;
|
||||
tHalHandle hal = CDS_GET_HAL_CB(sap_ctx->p_cds_gctx);
|
||||
tHalHandle hal;
|
||||
tpAniSirGlobal mac_ctx = NULL;
|
||||
uint8_t intf;
|
||||
|
||||
if (NULL == hal) {
|
||||
QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
|
||||
FL("Invalid hal"));
|
||||
qdf_ret_status = QDF_STATUS_E_NOMEM;
|
||||
return qdf_ret_status;
|
||||
}
|
||||
|
||||
if (QDF_IS_STATUS_ERROR(wlansap_context_get(sap_ctx)))
|
||||
if (QDF_IS_STATUS_ERROR(wlansap_context_get((ptSapContext)ctx)))
|
||||
return QDF_STATUS_E_FAILURE;
|
||||
|
||||
sap_ctx = (ptSapContext) ctx;
|
||||
hal = CDS_GET_HAL_CB(sap_ctx->p_cds_gctx);
|
||||
if (!hal) {
|
||||
QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
|
||||
FL("Invalid handle"));
|
||||
return QDF_STATUS_E_NOMEM;
|
||||
}
|
||||
|
||||
mac_ctx = PMAC_STRUCT(hal);
|
||||
QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_INFO_HIGH,
|
||||
FL("Before switch on roam_status = %d\n"), roam_status);
|
||||
|
||||
Referens i nytt ärende
Block a user