authorManjeet Singh <manjee@codeaurora.org>2016-12-14 12:24:17 +0530
committerAshish kumar goswami <agoswa@codeaurora.org>2016-12-21 19:27:20 +0530
commit78ada55479bab7582a0300856bb9826dfb31383b (patch)
treefc71d40be609e5573c25fd709ceef6b743571790
parent261b0c7ac6a8bbe1819d997a2e063c03a14fc8fd (diff)
qcacld-2.0: Validate scan_req adapter
In function wlan_hdd_cfg80211_validate_scan_req, wiphy pointer in scan_req is not being validated with the wiphy stored in hdd_ctx. This can cause a freed scan request to be validated leading to a crash due to a kernel WARN_ON. Check hdd_ctx->wiphy with scan_req->wiphy. Change-Id: I0ea9586cb7114c2e1babfce19b2777596f842c7b CRs-Fixed: 1092461
-rw-r--r--CORE/HDD/src/wlan_hdd_cfg80211.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 1a8edf34d332..ce8901f5c41b 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -18970,9 +18970,11 @@ VOS_STATUS wlan_hdd_cfg80211_roam_metrics_handover(hdd_adapter_t * pAdapter,
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0))
static inline bool wlan_hdd_cfg80211_validate_scan_req(struct
cfg80211_scan_request
- *scan_req)
+ *scan_req, hdd_context_t
+ *hdd_ctx)
{
- if (!scan_req || !scan_req->wiphy) {
+ if (!scan_req || !scan_req->wiphy ||
+ scan_req->wiphy != hdd_ctx->wiphy ) {
hddLog(VOS_TRACE_LEVEL_ERROR, "Invalid scan request");
return false;
}
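Review bot: The added comparison `scan_req->wiphy != hdd_ctx->wiphy` still reads through `scan_req`, so if the request has already been freed (the case the commit description names) the check inspects freed memory, and it can pass when the stale bytes still hold the same wiphy pointer. This applies to both the `>= 3.14` variant here and the `#else` variant in the next hunk. It is a best-effort sanity check rather than proof that the request is live, and a comment on the function should say so, for example `/* Sanity check only: does not guarantee scan_req has not been freed */`. The actual lifetime fix presumably belongs where the stored request pointer is completed or cleared, which is not visible in this diff. Separately, `hdd_ctx` is dereferenced without a NULL test; unless every caller guarantees it, the condition should start with `if (!hdd_ctx || !scan_req || !scan_req->wiphy ||`. The function body continues outside the hunk, and the first variant has a stray space before the closing parenthesis in `hdd_ctx->wiphy )`.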
@@ -18985,9 +18987,11 @@ static inline bool wlan_hdd_cfg80211_validate_scan_req(struct
#else
static inline bool wlan_hdd_cfg80211_validate_scan_req(struct
cfg80211_scan_request
- *scan_req)
+ *scan_req, hdd_context_t
+ *hdd_ctx)
{
- if (!scan_req || !scan_req->wiphy) {
+ if (!scan_req || !scan_req->wiphy ||
+ scan_req->wiphy != hdd_ctx->wiphy) {
hddLog(VOS_TRACE_LEVEL_ERROR, "Invalid scan request");
return false;
}
@@ -19136,7 +19140,7 @@ static eHalStatus hdd_cfg80211_scan_done_callback(tHalHandle halHandle,
/* Scan is no longer pending */
pScanInfo->mScanPending = VOS_FALSE;
- if (!wlan_hdd_cfg80211_validate_scan_req(req))
+ if (!wlan_hdd_cfg80211_validate_scan_req(req, pHddCtx))
{
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
hddLog(VOS_TRACE_LEVEL_ERROR, FL("interface state %s"),