qcacmn: Fix null scan object dereference in ucfg

Currently, ucfg_scan_register_pno_cb and ucfg_scan_get_scan_id
do not do null validation for scan object which can lead to null
pointer dereference. wlan_psoc_get_scan_obj_fl returns null in case
of invalid component id or null psoc and that null scan object is
dereferenced due to missing null validation.

Add null pointer check for scan object in ucfg_scan_register_pno_cb
and ucfg_scan_get_scan_id. Return zero scan id from ucfg_scan_get_scan_id
in case of null scan object.

Change-Id: I1aa1bdee001cace34e22ca11014455a0c7bcc462
CRs-Fixed: 2468518
sheenam monga 5 years ago
Parent
commit
d897403241
1 changed file with 11 additions and 0 deletions
  1. umac/scan/dispatcher/src/wlan_scan_ucfg_api.c (+11 -0)


@@ -376,7 +376,13 @@ ucfg_scan_register_pno_cb(struct wlan_objmgr_psoc *psoc,
 		scm_err("null psoc");
 		return QDF_STATUS_E_INVAL;
 	}
+
 	scan = wlan_psoc_get_scan_obj(psoc);
+	if (!scan) {
+		scm_err("scan object null");
+		return QDF_STATUS_E_INVAL;
+	}
+
 	qdf_spin_lock_bh(&scan->lock);
 	scan->pno_cfg.pno_cb.func = event_cb;
 	scan->pno_cfg.pno_cb.arg = arg;
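Review bot: the new `!scan` branch in ucfg_scan_register_pno_cb returns QDF_STATUS_E_INVAL, the same status the null psoc branch just above it returns, even though here the caller's argument is valid and it is the scan component that is missing. The two failures can then only be told apart by the log string, so consider a distinct status for the missing-object case. On this path `event_cb` and `arg` are never stored, so callers need to check the returned status; otherwise the PNO callback is silently left unregistered. The blank line added before `scan = wlan_psoc_get_scan_obj(psoc);` is a whitespace-only change and could be dropped to keep the fix minimal.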
@@ -855,7 +861,12 @@ ucfg_scan_get_scan_id(struct wlan_objmgr_psoc *psoc)
 		scm_err("null psoc");
 		return 0;
 	}
+
 	scan = wlan_psoc_get_scan_obj(psoc);
+	if (!scan) {
+		scm_err("scan object null");
+		return 0;
+	}
 
 	id = qdf_atomic_inc_return(&scan->scan_ids);
 	id =  id & WLAN_SCAN_ID_MASK;
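Review bot: the `!scan` branch in ucfg_scan_get_scan_id returns 0, which makes 0 the failure value for both the null psoc and the null scan object case, but nothing in the visible lines guarantees a valid id is never 0: `id & WLAN_SCAN_ID_MASK` yields 0 whenever the masked bits of the counter are 0. Please confirm that the code following the mask makes a valid id nonzero, and state in the function's header comment that 0 means "no id allocated" so callers check for it before using the value in a scan request.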