wlan: Add NULL check before accessing configBssReqParam
Added NULL check before accessing configBssReqParam in
WDA_ProcessConfigBssReq and before sending the SIR_HAL_ADD_BSS_REQ
in limProcessMlmFTReassocReq to avoid NULL pointer dereference
at race conditions. Also added log in limProcessFTPreauthRspTimeout.
Change-Id: Iccb73d90e9b04e040f996c89d42dd7a437ed08d7
CRs-fixed: 459411
diff --git a/CORE/MAC/src/pe/lim/limFT.c b/CORE/MAC/src/pe/lim/limFT.c
index 014d5e1..1c46116 100644
--- a/CORE/MAC/src/pe/lim/limFT.c
+++ b/CORE/MAC/src/pe/lim/limFT.c
@@ -1078,7 +1078,11 @@
limDiagEventReport(pMac, WLAN_PE_DIAG_REASSOCIATING, psessionEntry, 0, 0);
#endif
-
+ if (NULL == pMac->ft.ftPEContext.pAddBssReq)
+ {
+ limLog(pMac, LOGE, FL("pAddBssReq is NULL"));
+ return;
+ }
if( eHAL_STATUS_SUCCESS != palAllocateMemory( pMac->hHdd, (void **)&pMlmReassocReq,
sizeof(tLimMlmReassocReq)))
{
@@ -1211,6 +1215,7 @@
// We have failed pre auth. We need to resume link and get back on
// home channel.
+ limLog(pMac, LOG1, FL("FT Pre-Auth Time Out!!!!"));
if((psessionEntry = peFindSessionBySessionId(pMac, pMac->lim.limTimers.gLimFTPreAuthRspTimer.sessionId))== NULL)
{
diff --git a/CORE/WDA/src/wlan_qct_wda.c b/CORE/WDA/src/wlan_qct_wda.c
index e561efe..4661890 100644
--- a/CORE/WDA/src/wlan_qct_wda.c
+++ b/CORE/WDA/src/wlan_qct_wda.c
@@ -2954,12 +2954,20 @@
tAddBssParams* configBssReqParam)
{
WDI_Status status = WDI_STATUS_SUCCESS ;
- WDI_ConfigBSSReqParamsType *wdiConfigBssReqParam =
- (WDI_ConfigBSSReqParamsType *)vos_mem_malloc(
- sizeof(WDI_ConfigBSSReqParamsType)) ;
+ WDI_ConfigBSSReqParamsType *wdiConfigBssReqParam;
tWDA_ReqParams *pWdaParams ;
VOS_TRACE( VOS_MODULE_ID_WDA, VOS_TRACE_LEVEL_INFO,
"------> %s " ,__func__);
+ if (NULL == configBssReqParam)
+ {
+ VOS_TRACE( VOS_MODULE_ID_WDA, VOS_TRACE_LEVEL_FATAL,
+ "%s: configBssReqParam is NULL", __func__);
+ return VOS_STATUS_E_INVAL;
+ }
+
+ wdiConfigBssReqParam = (WDI_ConfigBSSReqParamsType *)vos_mem_malloc(
+ sizeof(WDI_ConfigBSSReqParamsType)) ;
+
if(NULL == wdiConfigBssReqParam)
{
VOS_TRACE( VOS_MODULE_ID_WDA, VOS_TRACE_LEVEL_ERROR,