| author | Himanshu Agarwal <himanaga@codeaurora.org> | 2017-10-04 13:51:29 +0530 |
|---|---|---|
| committer | snandini <snandini@codeaurora.org> | 2017-10-06 14:15:44 -0700 |
| commit | e73bcb155bb84853db26530ba36a8bd0488adb3a (patch) | |
| tree | ce1d19e709461fff24af75df029b19a553b121d6 | |
| parent | 9dfdd6d96e58c10b53db7c162dadcbf329270e24 (diff) | |
qcacld-3.0: Add sanity check for vdev id to prevent OOB access
Add a sanity check for the vdev id in wma_nlo_scan_cmp_evt_handler()
to prevent out-of-bounds memory access.
Change-Id: I0589765875fc03d2712f484b44c633face37bb90
CRs-Fixed: 2119403
| -rw-r--r-- | core/wma/src/wma_scan_roam.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c
index 811afea2a449..24c328bfaabf 100644
--- a/core/wma/src/wma_scan_roam.c
+++ b/core/wma/src/wma_scan_roam.c
@@ -3968,6 +3968,10 @@ int wma_nlo_scan_cmp_evt_handler(void *handle, uint8_t *event,
 WMA_LOGD("PNO scan completion event received for vdev %d", nlo_event->vdev_id);
+ if (nlo_event->vdev_id >= wma->max_bssid) {
+ WMA_LOGE("Invalid vdev id from firmware");
+ return -EINVAL;
+ }
 node = &wma->interfaces[nlo_event->vdev_id];
 /* Handle scan completion event only after NLO match event. */ |
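Review bot: The added `WMA_LOGE("Invalid vdev id from firmware");` drops the rejected value. The id is only printed by the `WMA_LOGD` just above, which is lost when debug logging is disabled, so an out-of-range firmware event cannot be triaged from error logs alone. Logging it at error level, as in `WMA_LOGE("Invalid vdev id %d from firmware", nlo_event->vdev_id);`, would fix that. The guard sits correctly before `&wma->interfaces[nlo_event->vdev_id]`, but it assumes `wma->interfaces` holds `wma->max_bssid` entries, which this hunk does not show and should be confirmed. A one-line comment such as `/* vdev_id is firmware-supplied; bound it before indexing interfaces[] */` would record why the check exists; the body of wma_nlo_scan_cmp_evt_handler() starts and ends outside the hunk.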
