summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHimanshu Agarwal <himanaga@codeaurora.org>2017-10-04 14:59:52 +0530
committersnandini <snandini@codeaurora.org>2017-10-06 14:44:27 -0700
commit1bab281747ee945deddaeebb327b25b76e40f704 (patch)
tree894129b00db1fbd833a447aab9ef0eff56a51492
parent5294a4e6753a1ab0f8f199beddb72535464b3911 (diff)
qcacld-3.0: Add sanity check for vdev id to prevent OOB access
Add sanity check for vdev id in wma_scan_event_callback() to prevent out of bound access of memory. Change-Id: I2a264029a4d80a5478f786f91923ca26af2db74a CRs-Fixed: 2119399
-rw-r--r--core/wma/src/wma_scan_roam.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c
index 989bb4ded10b..0ccdb8be8e8b 100644
--- a/core/wma/src/wma_scan_roam.c
+++ b/core/wma/src/wma_scan_roam.c
@@ -6113,6 +6113,11 @@ int wma_scan_event_callback(WMA_HANDLE handle, uint8_t *data,
uint8_t vdev_id;
uint32_t scan_id;
+ if (wmi_event->vdev_id >= wma_handle->max_bssid) {
+ WMA_LOGE("Invalid vdev id from firmware");
+ return -EINVAL;
+ }
+
param_buf = (WMI_SCAN_EVENTID_param_tlvs *) data;
wmi_event = param_buf->fixed_param;
vdev_id = wmi_event->vdev_id;