qcacld: Fix of kernel panic in LIM MLM response handler

In limProcessSwitchChannelJoinReq() adding null pointer check
for pLimJoinReq and also making sure pointer is valid before
freeing it.

Change-Id: I3cf3dc9299bf9a31ece9e1b126ade2994ea0faad
CRs-fixed: 611685

1 files changed, 12 insertions, 3 deletions

diff --git a/CORE/MAC/src/pe/lim/limProcessMlmRspMessages.c b/CORE/MAC/src/pe/lim/limProcessMlmRspMessages.c
index 489b96689ab1..4cff521738f2 100644
--- a/CORE/MAC/src/pe/lim/limProcessMlmRspMessages.c
+++ b/CORE/MAC/src/pe/lim/limProcessMlmRspMessages.c
@@ -3611,7 +3611,8 @@ static void limProcessSwitchChannelJoinReq(tpAniSirGlobal pMac, tpPESession pses
         goto error;
     }
 
-    if ( (NULL == psessionEntry ) || (NULL == psessionEntry->pLimMlmJoinReq) )
+    if ( (NULL == psessionEntry ) || (NULL == psessionEntry->pLimMlmJoinReq) ||
+         (NULL == psessionEntry->pLimJoinReq) )
     {
         PELOGE(limLog(pMac, LOGE, FL("invalid pointer!!"));)
         goto error;
@@ -3674,8 +3675,16 @@ static void limProcessSwitchChannelJoinReq(tpAniSirGlobal pMac, tpPESession pses
 error:  
     if(NULL != psessionEntry)
     {
-        vos_mem_free(psessionEntry->pLimMlmJoinReq);
-        psessionEntry->pLimMlmJoinReq = NULL;
+        if (psessionEntry->pLimMlmJoinReq)
+        {
+            vos_mem_free(psessionEntry->pLimMlmJoinReq);
+            psessionEntry->pLimMlmJoinReq = NULL;
+        }
+        if (psessionEntry->pLimJoinReq)
+        {
+            vos_mem_free(psessionEntry->pLimJoinReq);
+            psessionEntry->pLimJoinReq = NULL;
+        }
         mlmJoinCnf.sessionId = psessionEntry->peSessionId;
     }
     else