diff options
| author | Yeshwanth Sriram Guntuka <ysriramg@codeaurora.org> | 2018-06-21 17:11:00 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2018-06-26 05:17:33 -0700 |
| commit | 38fbb31b157a41f1ff0c56b72096fbda905ea3c1 (patch) | |
| tree | bfddf2ba567680abe29bb47dc1cf1b5051c9036e | |
| parent | 9b1999e046a73f76ba88e90f342c0670efd04d8e (diff) | |
qcacld-3.0: Fix possible NULL pointer dereference in wma_process_dhcp_ind
In wma_send_dhcp_ind, wma_process_dhcp_ind is invoked
with wma_handle as argument without NULL validation.
This could result in NULL pointer dereference in
wma_process_dhcp_ind function.
Fix is to validate wma_handle before invoking
wma_process_dhcp_ind function.
Change-Id: Ia0e9b467f768485fce36f8a7c00e96c8e3d59f33
CRs-Fixed: 2265183
| -rw-r--r-- | core/wma/src/wma_features.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/core/wma/src/wma_features.c b/core/wma/src/wma_features.c index 97b31fe3ae97..0519fd99e5a9 100644 --- a/core/wma/src/wma_features.c +++ b/core/wma/src/wma_features.c @@ -11550,6 +11550,13 @@ QDF_STATUS wma_send_dhcp_ind(uint16_t type, uint8_t device_mode, { QDF_STATUS qdf_status = QDF_STATUS_SUCCESS; tAniDHCPInd *msg; + tp_wma_handle wma_handle; + + wma_handle = cds_get_context(QDF_MODULE_ID_WMA); + if (!wma_handle) { + WMA_LOGE("%s : Failed to get wma_handle", __func__); + return QDF_STATUS_E_INVAL; + } msg = (tAniDHCPInd *) qdf_mem_malloc(sizeof(tAniDHCPInd)); if (NULL == msg) { @@ -11564,8 +11571,7 @@ QDF_STATUS wma_send_dhcp_ind(uint16_t type, uint8_t device_mode, qdf_mem_copy(msg->adapterMacAddr.bytes, mac_addr, QDF_MAC_ADDR_SIZE); qdf_mem_copy(msg->peerMacAddr.bytes, peer_mac_addr, QDF_MAC_ADDR_SIZE); - qdf_status = wma_process_dhcp_ind(cds_get_context(QDF_MODULE_ID_WMA), - (tAniDHCPInd *)msg); + qdf_status = wma_process_dhcp_ind(wma_handle, (tAniDHCPInd *)msg); if (!QDF_IS_STATUS_SUCCESS(qdf_status)) { QDF_TRACE(QDF_MODULE_ID_WMA, QDF_TRACE_LEVEL_ERROR, "%s: Failed to send DHCP indication", __func__); |