diff options
| author | Kalikinkar dhara <c_kaliki@qca.qualcomm.com> | 2014-04-01 12:37:16 -0700 |
|---|---|---|
| committer | Akash Patel <c_akashp@qca.qualcomm.com> | 2014-04-02 12:48:01 -0700 |
| commit | 5e4f386d66859f217c4ee2de4ff58bb103376ec6 (patch) | |
| tree | 529492eeaf445df0411324a08640102331141a7d | |
| parent | 1e0097c5535237e266eff0739929cb7c32f1b4a5 (diff) | |
qcacld:SME_PE: Fix for issues reported by Static Analysis
Fix for issue reported by static analysis like, possibility of
buffer over flow, array index out of bound etc.
Change-Id: Id89e277ec3292c11e0d1bcdf318f546baeaf530d
CRs-Fixed: 641304
| -rw-r--r-- | CORE/MAC/src/pe/lim/limProcessTdls.c | 9 | ||||
| -rw-r--r-- | CORE/SME/src/QoS/sme_Qos.c | 4 | ||||
| -rw-r--r-- | CORE/SME/src/csr/csrNeighborRoam.c | 4 | ||||
| -rw-r--r-- | CORE/SME/src/csr/csrUtil.c | 9 |
4 files changed, 20 insertions, 6 deletions
diff --git a/CORE/MAC/src/pe/lim/limProcessTdls.c b/CORE/MAC/src/pe/lim/limProcessTdls.c index 1202d7bb0a83..ba5c24d2f715 100644 --- a/CORE/MAC/src/pe/lim/limProcessTdls.c +++ b/CORE/MAC/src/pe/lim/limProcessTdls.c @@ -2547,15 +2547,14 @@ limTdlsPopulateMatchingRateSet(tpAniSirGlobal pMac, /** * Copy received rates in tempRateSet, the parser has ensured - * unicity of the rates so there cannot be more than 12 . Need to Check this - * TODO Sunil. + * unicity of the rates so there cannot be more than 12 . */ - if (supporteRatesLength > SIR_MAC_MAX_SUPP_RATES) + if (supporteRatesLength > SIR_MAC_RATESET_EID_MAX) { limLog( pMac, LOGW, FL("Supported rates length %d more than " "the Max limit, reset to Max"), - supporteRatesLength ); - supporteRatesLength = SIR_MAC_MAX_SUPP_RATES; + supporteRatesLength); + supporteRatesLength = SIR_MAC_RATESET_EID_MAX; } for (i = 0; i < supporteRatesLength; i++) diff --git a/CORE/SME/src/QoS/sme_Qos.c b/CORE/SME/src/QoS/sme_Qos.c index 9051bf35fd27..56fea414c1f6 100644 --- a/CORE/SME/src/QoS/sme_Qos.c +++ b/CORE/SME/src/QoS/sme_Qos.c @@ -1700,6 +1700,10 @@ sme_QosStatusType sme_QosInternalSetupReq(tpAniSirGlobal pMac, } else { + if (!(new_tmask > 0 && new_tmask <= SME_QOS_TSPEC_INDEX_MAX)) + { + return SME_QOS_STATUS_SETUP_FAILURE_RSP; + } tmask = new_tmask; pACInfo->requested_QoSInfo[tmask-1] = Tspec_Info; } diff --git a/CORE/SME/src/csr/csrNeighborRoam.c b/CORE/SME/src/csr/csrNeighborRoam.c index 41c3f32d83dc..b278fec06455 100644 --- a/CORE/SME/src/csr/csrNeighborRoam.c +++ b/CORE/SME/src/csr/csrNeighborRoam.c @@ -3814,6 +3814,10 @@ VOS_STATUS csrNeighborRoamTransitToCFGChanScan(tpAniSirGlobal pMac) (tANI_U8 *)pMac->roam.validChannelList, (tANI_U32 *) &numOfChannels))) { + if (numOfChannels > WNI_CFG_VALID_CHANNEL_LIST_LEN) + { + numOfChannels = WNI_CFG_VALID_CHANNEL_LIST_LEN; + } #ifdef FEATURE_WLAN_LFR /* * Prepare non-occupied channel list (channelList) diff --git a/CORE/SME/src/csr/csrUtil.c b/CORE/SME/src/csr/csrUtil.c index 5184f5f1c670..743056693235 100644 --- a/CORE/SME/src/csr/csrUtil.c +++ b/CORE/SME/src/csr/csrUtil.c @@ -3921,9 +3921,16 @@ tANI_BOOLEAN csrGetWapiInformation( tHalHandle hHal, tCsrAuthList *pAuthType, eC CSR_WAPI_OUI_SIZE); } + wapiOuiIndex = csrGetOUIIndexFromCipher( enType ); + if (wapiOuiIndex >= CSR_WAPI_OUI_SIZE) + { + smsLog(pMac, LOGE, FL("Wapi OUI index = %d out of limit"), wapiOuiIndex); + fAcceptableCyphers = FALSE; + break; + } //Check - Is requested Unicast Cipher supported by the BSS. fAcceptableCyphers = csrMatchWapiOUIIndex( pMac, pWapiIe->unicast_cipher_suites, cUnicastCyphers, - csrGetOUIIndexFromCipher( enType ), Unicast ); + wapiOuiIndex, Unicast ); if( !fAcceptableCyphers ) break; |