diff options
| author | Himanshu Agarwal <himanaga@codeaurora.org> | 2017-10-06 12:40:27 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2017-10-07 09:55:12 -0700 |
| commit | bc9d8db57766fdbd7016bd607cca45c5d450f983 (patch) | |
| tree | c11b7275b7b00d223c549371d1a8643b81d78291 | |
| parent | f187a7750e593582509942b96a3739839826e060 (diff) | |
qcacld-3.0: Add sanity check for vdev id to prevent OOB access
Add sanity check for vdev id in wma_vdev_start_resp_handler() to prevent
out of bound memory access.
Change-Id: Ia4e18e8e322142928c41dfa88b874ff017727266
CRs-Fixed: 2120424
| -rw-r--r-- | core/wma/src/wma_dev_if.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/core/wma/src/wma_dev_if.c b/core/wma/src/wma_dev_if.c index 8b06f1c86cb0..b0a9903af9d2 100644 --- a/core/wma/src/wma_dev_if.c +++ b/core/wma/src/wma_dev_if.c @@ -944,6 +944,11 @@ int wma_vdev_start_resp_handler(void *handle, uint8_t *cmd_param_info, return -EINVAL; } + if (resp_event->vdev_id >= wma->max_bssid) { + WMA_LOGE("Invalid vdev id received from firmware"); + return -EINVAL; + } + if (wma_is_vdev_in_ap_mode(wma, resp_event->vdev_id)) { qdf_spin_lock_bh(&wma->dfs_ic->chan_lock); wma->dfs_ic->disable_phy_err_processing = false; |
