diff options
| author | Yingying Tang <yintang@codeaurora.org> | 2016-09-21 15:57:23 +0800 |
|---|---|---|
| committer | Anjaneedevi Kapparapu <akappa@codeaurora.org> | 2016-09-22 11:25:34 +0530 |
| commit | 8478bc2343f832ace281185083c67c784bcc6c5e (patch) | |
| tree | 0593a67e2b3b187b11dca6ea996695f4489522e1 | |
| parent | 46f5e2b3a4ca80fa3aac381ae19af86a5781bd81 (diff) | |
qcacld-2.0: Fix incorrect NULL pointer check for MAC layer
Currently there are some places where array name is compared to NULL
in MAC. Add fix to correct it.
CRs-Fixed: 1063255
Change-Id: I4f620feff23475d0b719fae7ef8e0ac1ab3b8908
| -rw-r--r-- | CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c | 4 | ||||
| -rw-r--r-- | CORE/MAC/src/pe/lim/limProcessAuthFrame.c | 33 | ||||
| -rw-r--r-- | CORE/MAC/src/pe/lim/limProcessDeauthFrame.c | 9 | ||||
| -rw-r--r-- | CORE/MAC/src/pe/lim/limProcessMlmReqMessages.c | 4 | ||||
| -rw-r--r-- | CORE/MAC/src/pe/lim/limScanResultUtils.c | 3 |
5 files changed, 8 insertions, 45 deletions
diff --git a/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c b/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c index cf803cb8add7..314f20099678 100644 --- a/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c +++ b/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c @@ -377,10 +377,6 @@ limProcessAssocRspFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tANI_U8 sub limLog(pMac, LOGE, FL("LFR3: Reassoc response packet header is NULL")); return; - } else if ( pHdr->sa == NULL) { - limLog(pMac, LOGE, - FL("LFR3: Reassoc response packet source address is NULL")); - return; } limLog(pMac, LOG1, diff --git a/CORE/MAC/src/pe/lim/limProcessAuthFrame.c b/CORE/MAC/src/pe/lim/limProcessAuthFrame.c index 1fcaab0ceb13..355765784a08 100644 --- a/CORE/MAC/src/pe/lim/limProcessAuthFrame.c +++ b/CORE/MAC/src/pe/lim/limProcessAuthFrame.c @@ -1242,38 +1242,6 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse if (pKeyMapEntry) { - if (pKeyMapEntry->key == NULL) - { - // Log error - PELOGE(limLog(pMac, LOGE, - FL("received Auth frame from peer when key mapping key is NULL" - MAC_ADDRESS_STR),MAC_ADDR_ARRAY(pHdr->sa));) - - /** - * Key Mapping entry has null key. - * Send Auth frame with - * challenge failure status code - */ - authFrame.authAlgoNumber = - pRxAuthFrameBody->authAlgoNumber; - authFrame.authTransactionSeqNumber = - pRxAuthFrameBody->authTransactionSeqNumber + 1; - authFrame.authStatusCode = - eSIR_MAC_CHALLENGE_FAILURE_STATUS; - - limSendAuthMgmtFrame(pMac, &authFrame, - pHdr->sa, - LIM_NO_WEP_IN_FC, - psessionEntry, - eSIR_FALSE); - - limRestoreFromAuthState(pMac, eSIR_SME_NO_KEY_MAPPING_KEY_FOR_PEER, - eSIR_MAC_UNSPEC_FAILURE_REASON,psessionEntry); - - return; - } // if (pKeyMapEntry->key == NULL) - else - { ((tpSirMacAuthFrameBody) plainBody)->authAlgoNumber = sirSwapU16ifNeeded(pRxAuthFrameBody->authAlgoNumber); ((tpSirMacAuthFrameBody) plainBody)->authTransactionSeqNumber = @@ -1301,7 +1269,6 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse eSIR_FALSE); break; - } // end if (pKeyMapEntry->key == NULL) } // if (pKeyMapEntry) else { diff --git a/CORE/MAC/src/pe/lim/limProcessDeauthFrame.c b/CORE/MAC/src/pe/lim/limProcessDeauthFrame.c index c0ec1e6973fc..24c41d3e7222 100644 --- a/CORE/MAC/src/pe/lim/limProcessDeauthFrame.c +++ b/CORE/MAC/src/pe/lim/limProcessDeauthFrame.c @@ -246,10 +246,11 @@ limProcessDeauthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession p * AP we're currently associated with (case a), then proceed * with normal deauth processing. */ - if ( psessionEntry->limReAssocbssId!=NULL ) - { - pRoamSessionEntry = peFindSessionByBssid(pMac, psessionEntry->limReAssocbssId, &roamSessionId); - } + + pRoamSessionEntry = + peFindSessionByBssid(pMac, psessionEntry->limReAssocbssId, + &roamSessionId); + if (limIsReassocInProgress(pMac,psessionEntry) || limIsReassocInProgress(pMac,pRoamSessionEntry)) { if (!IS_REASSOC_BSSID(pMac,pHdr->sa,psessionEntry)) { PELOGE(limLog(pMac, LOGE, FL("Rcv Deauth from unknown/different " diff --git a/CORE/MAC/src/pe/lim/limProcessMlmReqMessages.c b/CORE/MAC/src/pe/lim/limProcessMlmReqMessages.c index 351e0e86e04d..e447fa84c337 100644 --- a/CORE/MAC/src/pe/lim/limProcessMlmReqMessages.c +++ b/CORE/MAC/src/pe/lim/limProcessMlmReqMessages.c @@ -3712,7 +3712,7 @@ limProcessMinChannelTimeout(tpAniSirGlobal pMac) { // This shouldn't be the case, but when this happens, this timeout should be for the last channelId. // Get the channelNum as close to correct as possible. - if(pMac->lim.gpLimMlmScanReq->channelList.channelNumber) + if (pMac->lim.gpLimMlmScanReq->channelList.numChannels > 0) { channelNum = pMac->lim.gpLimMlmScanReq->channelList.channelNumber[pMac->lim.gpLimMlmScanReq->channelList.numChannels - 1]; } @@ -3788,7 +3788,7 @@ limProcessMaxChannelTimeout(tpAniSirGlobal pMac) } else { - if(pMac->lim.gpLimMlmScanReq->channelList.channelNumber) + if (pMac->lim.gpLimMlmScanReq->channelList.numChannels > 0) { channelNum = pMac->lim.gpLimMlmScanReq->channelList.channelNumber[pMac->lim.gpLimMlmScanReq->channelList.numChannels - 1]; } diff --git a/CORE/MAC/src/pe/lim/limScanResultUtils.c b/CORE/MAC/src/pe/lim/limScanResultUtils.c index 200423e1d33d..772f2ed4dd0a 100644 --- a/CORE/MAC/src/pe/lim/limScanResultUtils.c +++ b/CORE/MAC/src/pe/lim/limScanResultUtils.c @@ -428,8 +428,7 @@ limCheckAndAddBssDescription(tpAniSirGlobal pMac, ( pMac->lim.gLimReturnAfterFirstMatch & 0x01 ) && (pMac->lim.gpLimMlmScanReq->numSsid) && !limIsScanRequestedSSID(pMac, &pBPR->ssId)) || - (!fFound && (pMac->lim.gpLimMlmScanReq && - pMac->lim.gpLimMlmScanReq->bssId) && + (!fFound && (pMac->lim.gpLimMlmScanReq) && !vos_mem_compare(bssid, &pMac->lim.gpLimMlmScanReq->bssId, 6)))) { |