lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d54655fb56
android_kernel_xiaomi_sm8350/core
History
Pragaspathi Thilagaraj d54655fb56 qcacld-3.0: Validate number of requested EIDs in beacon request 
If the requested info field in beacon report request is present,
the driver tries to allocate memory for the target beacon report
EIDs from the number of requested EIDs received from the frame.
In SLUB disabled builds, the qdf_mem_malloc function doesn't
validate if the size provided is 0 and returns the value
ZERO_SIZE_PTR(((void *)16)) for the pointer. When this pointer
is dereferenced, it causes invalid address dereference.

Since the number of requested EIDs is directly controlled by the
frame sent by AP, validate this value before using it to allocate
memory.

Change-Id: Icbac3e952de0d7ae3144e9b319f2c51ccdf93ac5
CRs-Fixed: 2571480
2019-12-06 01:51:22 -08:00
..
bmi qcacld-3.0: Add synchronization between unloading & SSR recovering 2019-10-19 19:25:31 -07:00
cds qcacld-3.0: Affine RX thread to big cluster during uplink 2019-12-05 18:05:10 -08:00
dp qcacld-3.0: Cleanup local peer id from ol_txrx APIs 2019-12-06 01:50:57 -08:00
hdd qcacld-3.0: Peer ID cleanup in LIM, HDD and WMA 2019-12-06 01:51:09 -08:00
mac qcacld-3.0: Validate number of requested EIDs in beacon request 2019-12-06 01:51:22 -08:00
pld qcacld-3.0: Add WHUNT bus types in pld_lock/unlock_reg_window APIs 2019-11-19 03:38:43 -08:00
sap qcacld-3.0: Fill seg1 for 160 mhz BW in ACS result 2019-12-04 09:30:44 -08:00
sme qcacld-3.0: Peer ID cleanup in LIM, HDD and WMA 2019-12-06 01:51:09 -08:00
wma qcacld-3.0: Peer ID cleanup in LIM, HDD and WMA 2019-12-06 01:51:09 -08:00