lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Fix NULL pointer dereference in WMA

Browse Source 
Add NULL validaiton check for WMA global context
to avoid possible NULL pointer dereference.

Change-Id: I1cf0bcf574d397eb712ca0e1c39dcf848b9c5328
CRs-Fixed: 2423998
This commit is contained in:
Sandeep Puligilla 2019-06-04 01:11:26 -07:00 committed by nshrivas
parent 576b01f0c5
commit 78a8c1f6fa
1 changed files with 33 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
core/wma/src/wma_utils.c
View File

@ -4940,10 +4940,16 @@ QDF_STATUS wma_sta_mlme_vdev_start_continue(struct vdev_mlme_obj *vdev_mlme,
QDF_STATUS wma_sta_mlme_vdev_roam_notify(struct vdev_mlme_obj *vdev_mlme,
uint16_t data_len, void *data)
{
tp_wma_handle wma = cds_get_context(QDF_MODULE_ID_WMA);
tp_wma_handle wma;
int ret;
QDF_STATUS status = QDF_STATUS_SUCCESS;
wma = cds_get_context(QDF_MODULE_ID_WMA);
if (!wma) {
WMA_LOGE("%s wma handle is NULL", __func__);
return QDF_STATUS_E_INVAL;
}
ret = wma_mlme_roam_synch_event_handler_cb(wma, data, data_len);
if (ret != 0) {
wma_err("Failed to process roam synch event");
@ -4956,10 +4962,16 @@ QDF_STATUS wma_sta_mlme_vdev_roam_notify(struct vdev_mlme_obj *vdev_mlme,
QDF_STATUS wma_ap_mlme_vdev_start_continue(struct vdev_mlme_obj *vdev_mlme,
uint16_t data_len, void *data)
{
tp_wma_handle wma = cds_get_context(QDF_MODULE_ID_WMA);
tp_wma_handle wma;
QDF_STATUS status = QDF_STATUS_SUCCESS;
struct wlan_objmgr_vdev *vdev = vdev_mlme->vdev;
wma = cds_get_context(QDF_MODULE_ID_WMA);
if (!wma) {
WMA_LOGE("%s wma handle is NULL", __func__);
return QDF_STATUS_E_INVAL;
}
if (mlme_is_chan_switch_in_progress(vdev)) {
wma_send_msg_high_priority(wma, WMA_SWITCH_CHANNEL_RSP,
data, 0);
@ -4986,6 +4998,11 @@ QDF_STATUS wma_ap_mlme_vdev_down_send(struct vdev_mlme_obj *vdev_mlme,
{
tp_wma_handle wma = cds_get_context(QDF_MODULE_ID_WMA);
if (!wma) {
WMA_LOGE("%s wma handle is NULL", __func__);
return QDF_STATUS_E_INVAL;
}
wma_send_vdev_down(wma, (struct wma_target_req *)data);
return QDF_STATUS_SUCCESS;
@ -4995,9 +5012,15 @@ QDF_STATUS
wma_mlme_vdev_notify_down_complete(struct vdev_mlme_obj *vdev_mlme,
uint16_t data_len, void *data)
{
tp_wma_handle wma = cds_get_context(QDF_MODULE_ID_WMA);
tp_wma_handle wma;
struct wma_target_req *req = (struct wma_target_req *)data;
wma = cds_get_context(QDF_MODULE_ID_WMA);
if (!wma) {
WMA_LOGE("%s wma handle is NULL", __func__);
return QDF_STATUS_E_INVAL;
}
if (req->msg_type == WMA_DELETE_BSS_HO_FAIL_REQ) {
tpDeleteBssParams params =
(tpDeleteBssParams)req->user_data;
@ -5023,9 +5046,15 @@ QDF_STATUS wma_ap_mlme_vdev_stop_start_send(struct vdev_mlme_obj *vdev_mlme,
enum vdev_cmd_type type,
uint16_t data_len, void *data)
{
tp_wma_handle wma = cds_get_context(QDF_MODULE_ID_WMA);
tp_wma_handle wma;
tpAddBssParams bss_params = (tpAddBssParams)data;
wma = cds_get_context(QDF_MODULE_ID_WMA);
if (!wma) {
WMA_LOGE("%s wma handle is NULL", __func__);
return QDF_STATUS_E_INVAL;
}
if (wma_send_vdev_stop_to_fw(wma, bss_params->bss_idx))
WMA_LOGE(FL("Failed to send vdev stop for vdev id %d"),
bss_params->bss_idx);