diff options
| author | Dundi Raviteja <dundi@codeaurora.org> | 2018-06-21 16:24:48 +0530 |
|---|---|---|
| committer | nshrivas <nshrivas@codeaurora.org> | 2018-07-03 01:12:52 -0700 |
| commit | 8da8f4f062c219ae11042deb7e972b23638bb0ae (patch) | |
| tree | c99c07fbf7946a5ff2e436feed29d27d48248cf2 | |
| parent | 1bfebea416681acdf3bedbf48d2059aed666817a (diff) | |
qcacld-3.0: NULL pointer De-reference in wlansap_roam_callback()
In function wlansap_roam_callback(), in some places pointer
csr_roam_info may be De-reference without checking for NULL,
which may lead to NULL pointer De-Reference.
To address this issue, add NULL check at all places where the
pointer csr_roam_info De-reference.
Change-Id: Ic932ac94ed1abca41602759ec62211094d162b8d
CRs-Fixed: 2265156
| -rw-r--r-- | core/sap/src/sap_api_link_cntl.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/core/sap/src/sap_api_link_cntl.c b/core/sap/src/sap_api_link_cntl.c index d019bbe058ce..41c542c5cbfc 100644 --- a/core/sap/src/sap_api_link_cntl.c +++ b/core/sap/src/sap_api_link_cntl.c @@ -1009,6 +1009,14 @@ wlansap_roam_callback(void *ctx, tCsrRoamInfo *csr_roam_info, uint32_t roamId, QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_INFO_MED, FL("sapdfs: Indicate eSAP_DFS_RADAR_DETECT to HDD")); + + if (!csr_roam_info) { + QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR, + FL("Invalid CSR Roam Info")); + wlansap_context_put(sap_ctx); + return -QDF_STATUS_E_INVAL; + } + sap_signal_hdd_event(sap_ctx, NULL, eSAP_DFS_RADAR_DETECT, (void *) eSAP_STATUS_SUCCESS); /* sync to latest DFS-NOL */ @@ -1091,6 +1099,14 @@ wlansap_roam_callback(void *ctx, tCsrRoamInfo *csr_roam_info, uint32_t roamId, QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_INFO_HIGH, FL("CSR roam_result = eCSR_ROAM_RESULT_INFRA_ASSOCIATION_CNF (%d)"), roam_result); + + if (!csr_roam_info) { + QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR, + FL("Invalid CSR Roam Info")); + qdf_ret_status = QDF_STATUS_E_INVAL; + break; + } + sap_ctx->nStaWPARSnReqIeLength = csr_roam_info->rsnIELen; if (sap_ctx->nStaWPARSnReqIeLength) qdf_mem_copy(sap_ctx->pStaWpaRsnReqIE, @@ -1178,6 +1194,14 @@ wlansap_roam_callback(void *ctx, tCsrRoamInfo *csr_roam_info, uint32_t roamId, QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_INFO_HIGH, FL("CSR roam_result = eCSR_ROAM_RESULT_INFRA_STARTED (%d)"), roam_result); + + if (!csr_roam_info) { + QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR, + FL("Invalid CSR Roam Info")); + qdf_ret_status = QDF_STATUS_E_INVAL; + break; + } + /* * In the current implementation, hostapd is not aware that * drive will support DFS. Hence, driver should inform |