Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / vendor / qcom-opensource / wlan / prima / 67b82f6f1bef0c5d787b284c204593a60b34522b^! / .
commit67b82f6f1bef0c5d787b284c204593a60b34522b[log] [tgz]
authorMadan Mohan Koyyalamudi <mkoyyala@qca.qualcomm.com>Fri Jun 21 18:35:53 2013 +0530
committerMadan Mohan Koyyalamudi <mkoyyala@qca.qualcomm.com>Mon Jul 22 12:19:10 2013 -0700
treeb5ef28ff2f3518211ba5ef0f81ba998f437e6262
parent4a9d1238f7a8d67faeb3ddeebb092f7effa8ae3e [diff]
wlan: Add NULL check before accessing configBssReqParam

Added NULL check before accessing configBssReqParam in
WDA_ProcessConfigBssReq and before sending the SIR_HAL_ADD_BSS_REQ
in limProcessMlmFTReassocReq to avoid NULL pointer dereference
at race conditions. Also added log in limProcessFTPreauthRspTimeout.

Change-Id: Iccb73d90e9b04e040f996c89d42dd7a437ed08d7
CRs-fixed: 459411

diff --git a/CORE/MAC/src/pe/lim/limFT.c b/CORE/MAC/src/pe/lim/limFT.c
index 014d5e1..1c46116 100644
--- a/CORE/MAC/src/pe/lim/limFT.c
+++ b/CORE/MAC/src/pe/lim/limFT.c

@@ -1078,7 +1078,11 @@
     limDiagEventReport(pMac, WLAN_PE_DIAG_REASSOCIATING, psessionEntry, 0, 0);
 #endif
 
-
+    if (NULL == pMac->ft.ftPEContext.pAddBssReq)
+    {
+        limLog(pMac, LOGE, FL("pAddBssReq is NULL"));
+        return;
+    }
     if( eHAL_STATUS_SUCCESS != palAllocateMemory( pMac->hHdd, (void **)&pMlmReassocReq,
         sizeof(tLimMlmReassocReq)))
     {
@@ -1211,6 +1215,7 @@
 
     // We have failed pre auth. We need to resume link and get back on
     // home channel.
+    limLog(pMac, LOG1, FL("FT Pre-Auth Time Out!!!!"));
 
     if((psessionEntry = peFindSessionBySessionId(pMac, pMac->lim.limTimers.gLimFTPreAuthRspTimer.sessionId))== NULL) 
     {

diff --git a/CORE/WDA/src/wlan_qct_wda.c b/CORE/WDA/src/wlan_qct_wda.c
index e561efe..4661890 100644
--- a/CORE/WDA/src/wlan_qct_wda.c
+++ b/CORE/WDA/src/wlan_qct_wda.c

@@ -2954,12 +2954,20 @@
                                          tAddBssParams* configBssReqParam)
 {
    WDI_Status status = WDI_STATUS_SUCCESS ;
-   WDI_ConfigBSSReqParamsType *wdiConfigBssReqParam =
-                             (WDI_ConfigBSSReqParamsType *)vos_mem_malloc(
-                                   sizeof(WDI_ConfigBSSReqParamsType)) ;
+   WDI_ConfigBSSReqParamsType *wdiConfigBssReqParam;
    tWDA_ReqParams *pWdaParams ;
    VOS_TRACE( VOS_MODULE_ID_WDA, VOS_TRACE_LEVEL_INFO,
                                           "------> %s " ,__func__);
+   if (NULL == configBssReqParam)
+   {
+      VOS_TRACE( VOS_MODULE_ID_WDA, VOS_TRACE_LEVEL_FATAL,
+                           "%s: configBssReqParam is NULL", __func__);
+      return VOS_STATUS_E_INVAL;
+   }
+
+   wdiConfigBssReqParam = (WDI_ConfigBSSReqParamsType *)vos_mem_malloc(
+                          sizeof(WDI_ConfigBSSReqParamsType)) ;
+
    if(NULL == wdiConfigBssReqParam) 
    {
       VOS_TRACE( VOS_MODULE_ID_WDA, VOS_TRACE_LEVEL_ERROR,