From 7a02ceac3bae3a3a1289d3a3228dfbc3e513d5ef Mon Sep 17 00:00:00 2001
From: Ashish Kumar Dhanotiya
Date: Fri, 1 May 2020 13:08:34 +0530
Subject: [PATCH] qcacld-3.0: Validate he operation info before nla put

Currenly when driver receives get station info command in in sta mode, he operation information is also copied to the response buffer. Host does not validate he operation info and tries to do nla put which is leading to NULL pointer dereference. To address above issue, add a check to validate the he operation info before nla put operation.
Change-Id: Iaa093e4d4e3a9cec978f16c69a66c778b2dcf79f
CRs-Fixed: 2676773
---
 core/hdd/src/wlan_hdd_station_info.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/core/hdd/src/wlan_hdd_station_info.c b/core/hdd/src/wlan_hdd_station_info.c
index db1ac1abad569..eb1710c616765 100644
--- a/core/hdd/src/wlan_hdd_station_info.c
+++ b/core/hdd/src/wlan_hdd_station_info.c
@@ -591,6 +591,10 @@ static int32_t hdd_add_he_oper_info(
 {
 int32_t ret = 0;
+ if (!hdd_sta_ctx->cache_conn_info.he_oper_len ||
+ !hdd_sta_ctx->cache_conn_info.he_operation)
+ return ret;
+
 if (nla_put(skb, HE_OPERATION, hdd_sta_ctx->cache_conn_info.he_oper_len, hdd_sta_ctx->cache_conn_info.he_operation))
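Review bot: The new guard in hdd_add_he_oper_info() returns `ret`, which is still 0 at that point, so a caller cannot tell "HE operation attribute omitted" from "attribute written". If that is intended, make it explicit with `return 0;` and a comment such as `/* No HE operation IE cached for this connection: omit the attribute, not an error */`. The check also folds the inconsistent states (non-zero length with a NULL buffer, or a buffer with zero length) into "absent"; those point at a problem where `cache_conn_info` is filled and deserve at least a debug log rather than a silent return. The guard validates presence only: `nla_put()` still copies exactly `he_oper_len` bytes from `he_operation` into the reply, so the length has to be bounded against the allocation where the cache is populated, which is not visible in this hunk. The function body continues past the hunk, so how `ret` is used after the `nla_put()` branch cannot be checked from here.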