qcacld: Fix of target assert caused by invalid vdev id in scan req

wma_start_scan is doing out of bound array access because it does not validate session id received from UMAC. Add a check for sessionId and return scan failure if its greater than wma->max_bssId. Change-Id: I7c1b36d53a27a32115dd89d777473031fe46da56 CRs-Fixed: 657576
author: Rajeev Kumar <rajekuma@qca.qualcomm.com> 2014-04-30 19:27:12 -0700
committer: Pitani Venkata Rajesh Kumar <c_vpitan@qti.qualcomm.com> 2014-05-02 10:51:40 +0530
commit: a4117131f2b0e44ef4c052e5ceefad361d31f2a9 (patch)
tree: 5e23008b1976572847b6cb627137e256b8dbdf0c
parent: 65adea1d9420002ffb7ac8429efd2f50690836fe (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/CORE/SERVICES/WMA/wma.c b/CORE/SERVICES/WMA/wma.c
index c2116a980899..47c89a42eaa6 100644
--- a/CORE/SERVICES/WMA/wma.c
+++ b/CORE/SERVICES/WMA/wma.c
@@ -4524,6 +4524,12 @@ VOS_STATUS wma_start_scan(tp_wma_handle wma_handle,
 	int len;
 	tSirScanOffloadEvent *scan_event;
 
+	if (scan_req->sessionId > wma_handle->max_bssid) {
+		WMA_LOGE("%s: Invalid vdev_id %d", __func__,
+			scan_req->sessionId);
+		goto error1;
+	}
+
 	/* Sanity check to find whether vdev id active or not */
 	if (!wma_handle->interfaces[scan_req->sessionId].handle) {
 		WMA_LOGA("vdev id [%d] is not active", scan_req->sessionId);
author	Rajeev Kumar <rajekuma@qca.qualcomm.com>	2014-04-30 19:27:12 -0700
committer	Pitani Venkata Rajesh Kumar <c_vpitan@qti.qualcomm.com>	2014-05-02 10:51:40 +0530
commit	a4117131f2b0e44ef4c052e5ceefad361d31f2a9 (patch)
tree	5e23008b1976572847b6cb627137e256b8dbdf0c
parent	65adea1d9420002ffb7ac8429efd2f50690836fe (diff)