summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHimanshu Agarwal <himanaga@codeaurora.org>2017-10-04 13:51:29 +0530
committersnandini <snandini@codeaurora.org>2017-10-06 14:15:44 -0700
commite73bcb155bb84853db26530ba36a8bd0488adb3a (patch)
treece1d19e709461fff24af75df029b19a553b121d6
parent9dfdd6d96e58c10b53db7c162dadcbf329270e24 (diff)
qcacld-3.0: Add sanity check for vdev id to prevent OOB access
Add sanity check for vdev id in wma_nlo_scan_cmp_evt_handler() to prevent out of bound access of memory. Change-Id: I0589765875fc03d2712f484b44c633face37bb90 CRs-Fixed: 2119403
-rw-r--r--core/wma/src/wma_scan_roam.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c
index 811afea2a449..24c328bfaabf 100644
--- a/core/wma/src/wma_scan_roam.c
+++ b/core/wma/src/wma_scan_roam.c
@@ -3968,6 +3968,10 @@ int wma_nlo_scan_cmp_evt_handler(void *handle, uint8_t *event,
WMA_LOGD("PNO scan completion event received for vdev %d",
nlo_event->vdev_id);
+ if (nlo_event->vdev_id >= wma->max_bssid) {
+ WMA_LOGE("Invalid vdev id from firmware");
+ return -EINVAL;
+ }
node = &wma->interfaces[nlo_event->vdev_id];
/* Handle scan completion event only after NLO match event. */