| author | Selvaraj, Sridhar <sselvara@qti.qualcomm.com> | 2016-06-07 15:52:06 +0530 |
|---|---|---|
| committer | Anjaneedevi Kapparapu <akappa@codeaurora.org> | 2016-06-09 14:57:29 +0530 |
| commit | 96646d1eb48c4f3bf45555b8f636f90cf925b8b8 (patch) | |
| tree | f2103f0018902e40c943f8a8d89ff393f2ccf70a | |
| parent | 681c310490e49adc43065d1d11006c5a5dc43568 (diff) | |
qcacld-2.0: Fix stack corruption issue in sme_RrmProcessNeighborReport
When the STA processes a Neighbor report from the AP, session_id is declared
as a one-byte variable and it is overwritten with a four-byte value
in csrRoamGetSessionIdFromBSSID. This is observed on enabling stack
protection in the kernel config (CONFIG_CC_STACKPROTECTOR).
The fix is to declare session_id as a four-byte variable.
Change-Id: I6b2fd40a5466fe5dd72d394abb682229a550e0b1
CRs-Fixed: 1025272
| -rw-r--r-- | CORE/SME/inc/csrInternal.h | 2 | ||||
| -rw-r--r-- | CORE/SME/src/csr/csrApiRoam.c | 2 | ||||
| -rw-r--r-- | CORE/SME/src/rrm/sme_rrm.c | 4 |
3 files changed, 4 insertions, 4 deletions
diff --git a/CORE/SME/inc/csrInternal.h b/CORE/SME/inc/csrInternal.h
index 1cb1d7b8914c..06d30b57e5dd 100644
--- a/CORE/SME/inc/csrInternal.h
+++ b/CORE/SME/inc/csrInternal.h
@@ -1521,7 +1521,7 @@ tANI_BOOLEAN csrRoamIs11rAssoc(tpAniSirGlobal pMac, tANI_U8 sessionId);
 //Returns whether the current association is a ESE assoc or not
 tANI_BOOLEAN csrRoamIsESEAssoc(tpAniSirGlobal pMac, tANI_U8 sessionId);
 tANI_BOOLEAN csrRoamIsEseIniFeatureEnabled(tpAniSirGlobal pMac);
-tANI_BOOLEAN csrNeighborRoamIsESEAssoc(tpAniSirGlobal pMac, tANI_U8 sessionId);
+tANI_BOOLEAN csrNeighborRoamIsESEAssoc(tpAniSirGlobal pMac, tANI_U32 sessionId);
 #endif //Remove this code once SLM_Sessionization is supported
diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c
index 43c43262f0fa..c5b1126cad93 100644
--- a/CORE/SME/src/csr/csrApiRoam.c
+++ b/CORE/SME/src/csr/csrApiRoam.c
@@ -5663,7 +5663,7 @@ tANI_BOOLEAN csrRoamIsFastRoamEnabled(tpAniSirGlobal pMac, tANI_U32 sessionId)
 \return eANI_BOOLEAN_TRUE if current assoc is ESE, eANI_BOOLEAN_FALSE otherwise ---------------------------------------------------------------------------*/
-tANI_BOOLEAN csrNeighborRoamIsESEAssoc(tpAniSirGlobal pMac, tANI_U8 sessionId)
+tANI_BOOLEAN csrNeighborRoamIsESEAssoc(tpAniSirGlobal pMac, tANI_U32 sessionId)
 { return pMac->roam.neighborRoamInfo[sessionId].isESEAssoc; }
diff --git a/CORE/SME/src/rrm/sme_rrm.c b/CORE/SME/src/rrm/sme_rrm.c
index feff4e197490..a8aa27a39a1c 100644
--- a/CORE/SME/src/rrm/sme_rrm.c
+++ b/CORE/SME/src/rrm/sme_rrm.c
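Review bot: In the csrApiRoam.c hunk, `csrNeighborRoamIsESEAssoc` indexes `pMac->roam.neighborRoamInfo[sessionId]` with no range check, so the function relies entirely on the caller for a valid session id, and the parameter now accepts the full 32-bit range. The hunk does not show how `neighborRoamInfo` is sized, so the bound has to come from its declaration. A guard before the `return`, for example `if (sessionId >= <SESSION_COUNT_PLACEHOLDER>) return eANI_BOOLEAN_FALSE;` with the placeholder replaced by the project's own session-count constant, would keep an invalid or stale id from reading outside the table. The prototype change in csrInternal.h only mirrors this signature and needs no separate comment.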
@@ -1228,11 +1228,11 @@ eHalStatus sme_RrmProcessNeighborReport(tpAniSirGlobal pMac, void *pMsgBuf)
 tpRrmNeighborReportDesc pNeighborReportDesc;
 tANI_U8 i = 0;
 VOS_STATUS vosStatus = VOS_STATUS_SUCCESS;
- tANI_U8 sessionId;
+ tANI_U32 sessionId;
 /* Get the session id */ status = csrRoamGetSessionIdFromBSSID(pMac, (tCsrBssid *)pNeighborRpt->bssId,
- (tANI_U32*) &sessionId);
+ &sessionId);
 if (HAL_STATUS_SUCCESS(status)) {
 #ifdef FEATURE_WLAN_ESE /* Clear the cache for ESE. */ |
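Review bot: The `(tANI_U32*) &sessionId` cast removed here is what allowed a one-byte local to be passed to a callee that writes four bytes without any compiler diagnostic, and this commit corrects only the call in `sme_RrmProcessNeighborReport`. Other call sites of `csrRoamGetSessionIdFromBSSID` that use the same cast on a narrower variable would corrupt the stack in the same way and should be audited. The function body continues past the end of the hunk, so any later call that hands `sessionId` to a parameter still declared `tANI_U8` would now narrow it silently. I would also add a comment at the declaration, `/* must be tANI_U32: csrRoamGetSessionIdFromBSSID writes four bytes through the pointer */`, so the type is not shrunk again.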
