qcacld-3.0: Process DO_ACS vendor command only in SAP/P2P_GO mode

While processing DO_ACS vendor command session context, which is of type union holds either station's or SAP's session, is updated without checking adapter’s mode. This may lead to corrupt station's session context if DO_ACS is invoked with station adapter. Validate adapter mode and process DO_ACS vendor commands only if the mode is SAP/P2P_GO. Change-Id: Id99ba126fcfa1f06f68b89d4627c029948a201c5 CRs-Fixed: 2237661
author: Hanumanth Reddy Pothula <c_hpothu@codeaurora.org> 2018-05-10 14:32:01 +0530
committer: nshrivas <nshrivas@codeaurora.org> 2018-05-18 06:53:34 -0700
commit: 00dc8b9db3f07cdd900fa2b6df340a8b8060fcb2 (patch)
tree: 5e50c1be83d899594a0333fe91c88f583f500204
parent: 0f7d19a7b3ffe1ac9d638fd4d7fde6f0f826e42b (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/core/hdd/src/wlan_hdd_cfg80211.c b/core/hdd/src/wlan_hdd_cfg80211.c
index 0109db731132..b7b05a75783d 100644
--- a/core/hdd/src/wlan_hdd_cfg80211.c
+++ b/core/hdd/src/wlan_hdd_cfg80211.c
@@ -1617,10 +1617,17 @@ static int __wlan_hdd_cfg80211_do_acs(struct wiphy *wiphy,
 	if (ret)
 		return ret;
 
+	if (!((adapter->device_mode == QDF_SAP_MODE) ||
+	      (adapter->device_mode == QDF_P2P_GO_MODE))) {
+		hdd_err("Invalid device mode %d", adapter->device_mode);
+		return -EINVAL;
+	}
+
 	if (cds_is_sub_20_mhz_enabled()) {
 		hdd_err("ACS not supported in sub 20 MHz ch wd.");
 		return -EINVAL;
 	}
+
 	if (qdf_atomic_read(&adapter->sessionCtx.ap.acs_in_progress) > 0) {
 		hdd_err("ACS rejected as previous req already in progress");
 		return -EINVAL;
author	Hanumanth Reddy Pothula <c_hpothu@codeaurora.org>	2018-05-10 14:32:01 +0530
committer	nshrivas <nshrivas@codeaurora.org>	2018-05-18 06:53:34 -0700
commit	00dc8b9db3f07cdd900fa2b6df340a8b8060fcb2 (patch)
tree	5e50c1be83d899594a0333fe91c88f583f500204
parent	0f7d19a7b3ffe1ac9d638fd4d7fde6f0f826e42b (diff)