wlan: bap: fix unsafe use of assert

The CR identifies improper use of vos assert. At some places NULL
pointers are asserted but no action is taken. Patch fix such issues.
.
Change-Id: I8a278fe019948630f629d8e76abd8f262ab5aa2c
CRs-Fixed: 589661

5 files changed, 24 insertions, 10 deletions

diff --git a/CORE/BAP/src/bapModule.c b/CORE/BAP/src/bapModule.c
index 2fd8c37725d7..88b27af5c30d 100644
--- a/CORE/BAP/src/bapModule.c
+++ b/CORE/BAP/src/bapModule.c
@@ -1223,8 +1223,13 @@ WLANBAP_ReadMacConfig
 
   ccmCfgGetStr( pMac, WNI_CFG_STA_ID, pBtStaOwnMacAddr, &len );
 
-  VOS_ASSERT( WNI_CFG_BSSID_LEN == len );
-  
+  if (WNI_CFG_BSSID_LEN != len)
+  {
+      VOS_TRACE( VOS_MODULE_ID_BAP, VOS_TRACE_LEVEL_ERROR,
+                   "len is improper %s", __func__);
+      return;
+  }
+
   /* Form the SSID from Mac address */
   VOS_SNPRINTF( pBtStaOwnSsid, WLAN_BAP_SSID_MAX_LEN,
             "AMP-%02x-%02x-%02x-%02x-%02x-%02x",
diff --git a/CORE/BAP/src/bapRsn8021xAuthFsm.c b/CORE/BAP/src/bapRsn8021xAuthFsm.c
index 2ce59a78c530..98ba3d16483f 100644
--- a/CORE/BAP/src/bapRsn8021xAuthFsm.c
+++ b/CORE/BAP/src/bapRsn8021xAuthFsm.c
@@ -1017,7 +1017,11 @@ int derivePtk(tAuthRsnFsm *fsm, tAniEapolKeyAvailEventData *data)
     v_U32_t prfLen;
     tAniEapolRsnKeyDesc *rxDesc;
 
-    VOS_ASSERT(fsm->staCtx->pmk);
+    if (NULL == fsm->staCtx->pmk)
+    {
+       VOS_ASSERT(0);
+       return ANI_E_NULL_VALUE;
+    }
 
     switch (fsm->staCtx->pwCipherType) 
     {
diff --git a/CORE/BAP/src/bapRsn8021xPrf.c b/CORE/BAP/src/bapRsn8021xPrf.c
index ebd50fa7de4d..4b8a7e01be54 100644
--- a/CORE/BAP/src/bapRsn8021xPrf.c
+++ b/CORE/BAP/src/bapRsn8021xPrf.c
@@ -249,8 +249,12 @@ aagPrf(v_U32_t cryptHandle,
 
     for (i = 0; i < numLoops; i++) 
     {
-        VOS_ASSERT((resultOffset - result + VOS_DIGEST_SHA1_SIZE)
-               <= AAG_PRF_MAX_OUTPUT_SIZE);
+        if ((resultOffset - result + VOS_DIGEST_SHA1_SIZE) > AAG_PRF_MAX_OUTPUT_SIZE)
+        {
+            VOS_ASSERT(0);
+            return ANI_ERROR;
+        }
+
         hmacText[loopCtrPos] = i;
         if( VOS_IS_STATUS_SUCCESS( vos_sha1_hmac_str(cryptHandle, hmacText, loopCtrPos + 1, key, keyLen, resultOffset) ) )
         {
diff --git a/CORE/BAP/src/bapRsnSsmAesKeyWrap.c b/CORE/BAP/src/bapRsnSsmAesKeyWrap.c
index 0e8858cb4fc1..398a0be95e23 100644
--- a/CORE/BAP/src/bapRsnSsmAesKeyWrap.c
+++ b/CORE/BAP/src/bapRsnSsmAesKeyWrap.c
@@ -273,8 +273,6 @@ aes(v_U32_t cryptHandle, tANI_U8 *keyBytes, tANI_U32 keyLen,
     tANI_U8 in[AES_BLOCK_SIZE];
     tANI_U8 *out;
 
-    VOS_ASSERT (AES_BLOCK_SIZE == ANI_SSM_AES_KEY_WRAP_BLOCK_SIZE*2);
-
     // Concatenate A and R[i]
     vos_mem_copy(in, a, ANI_SSM_AES_KEY_WRAP_BLOCK_SIZE);
     vos_mem_copy(in + ANI_SSM_AES_KEY_WRAP_BLOCK_SIZE, 
@@ -317,8 +315,6 @@ aes_1(v_U32_t cryptHandle, tANI_U8 *keyBytes, tANI_U32 keyLen,
     tANI_U8 in[AES_BLOCK_SIZE];
     tANI_U8 *out;
 
-    VOS_ASSERT (AES_BLOCK_SIZE == ANI_SSM_AES_KEY_WRAP_BLOCK_SIZE*2);
-
     // Concatenate A and R[i]
     vos_mem_copy(in, at, ANI_SSM_AES_KEY_WRAP_BLOCK_SIZE);
     vos_mem_copy(in + ANI_SSM_AES_KEY_WRAP_BLOCK_SIZE, 
diff --git a/CORE/BAP/src/bapRsnSsmEapol.c b/CORE/BAP/src/bapRsnSsmEapol.c
index ea39c7bd4cd3..14f2f93a9c79 100644
--- a/CORE/BAP/src/bapRsnSsmEapol.c
+++ b/CORE/BAP/src/bapRsnSsmEapol.c
@@ -1099,7 +1099,12 @@ int bapRsnFormPktFromVosPkt( tAniPacket **ppPacket, vos_pkt_t *pVosPacket )
         if( !ANI_IS_STATUS_SUCCESS( retVal ) ) break;
         //Get the rest of the data in
         uPktLen -= BAP_RSN_ETHERNET_3_HEADER_LEN;
-        VOS_ASSERT( uPktLen > 0 );
+        if (uPktLen <= 0){
+           VOS_ASSERT(0);
+           retVal = ANI_ERROR;
+           break;
+        }
+
         retVal = aniAsfPacketAppendBuffer( pAniPacket, pFrame + BAP_RSN_ETHERNET_3_HEADER_LEN, 
                             uPktLen );
         if( !ANI_IS_STATUS_SUCCESS( retVal ) )