qcacmn: Add a tid check for RX to avoid OOB access

Tid in RX frame header may be larger than MAX TID allowed
value, this will lead to an out of boundary array access and
lead to a kernel crash at last. Change is aimed to do a TID
check and discard such frame when necessary.

Change-Id: Ie9e7a1816d197d05cf845e81251ef7772721b849
CRs-Fixed: 3071743
Yu Tian
2021-11-10 19:05:40 +08:00
committed by Madan Koyyalamudi
parent ade78b2c55
commit ef29d92da0
3 changed files with 12 additions and 1 deletion

@@ -581,8 +581,15 @@ done:
}
/* Get TID from struct cb->tid_val, save to tid */
if (qdf_nbuf_is_rx_chfrag_start(nbuf))
if (qdf_nbuf_is_rx_chfrag_start(nbuf)) {
tid = qdf_nbuf_get_tid_val(nbuf);
if (tid >= CDP_MAX_DATA_TIDS) {
DP_STATS_INC(soc, rx.err.rx_invalid_tid_err, 1);
qdf_nbuf_free(nbuf);
nbuf = next;
continue;
}
}
if (qdf_unlikely(!peer)) {
peer = dp_peer_get_ref_by_id(soc, peer_id,
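
Review bot: In the new `tid >= CDP_MAX_DATA_TIDS` branch, `tid` has already been overwritten with the out-of-range value by `tid = qdf_nbuf_get_tid_val(nbuf);`, and `continue` leaves it that way. Since `tid` is refreshed and checked only when `qdf_nbuf_is_rx_chfrag_start(nbuf)` is true, a following buffer in the list without that flag would skip the check and carry on with the stale invalid `tid`. Suggest reading the value into a temporary and assigning `tid` only after it passes the bound, or moving the bound check outside the `chfrag_start` condition so it covers every buffer before `tid` is used as an index. If the dropped buffer can head a fragment chain, the remaining buffers of that chain should be dropped with it instead of freeing only `nbuf`.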