wlan: Validate adapter's magic number in timer handlers
Before accessing the adapter context, validate the adapter's magic number
in addition to the NULL check, to confirm that the adapter context
instance is valid.
Change-Id: If0365c765ad87be53b7e78d8744f0dcfe1a310ab
CRs-Fixed: 803527.
diff --git a/CORE/HDD/src/wlan_hdd_dev_pwr.c b/CORE/HDD/src/wlan_hdd_dev_pwr.c
index 2bdc83a..a4b1e7c 100644
--- a/CORE/HDD/src/wlan_hdd_dev_pwr.c
+++ b/CORE/HDD/src/wlan_hdd_dev_pwr.c
@@ -501,10 +501,10 @@
staAdapater = hdd_get_adapter(pHddCtx, WLAN_HDD_INFRA_STATION);
- if(NULL == staAdapater)
+ if ((NULL == staAdapater) || (WLAN_HDD_ADAPTER_MAGIC != staAdapater->magic))
{
VOS_TRACE(VOS_MODULE_ID_HDD,VOS_TRACE_LEVEL_ERROR,
- "%s: NULL Adapter", __func__);
+ FL("invalid Adapter %p"), staAdapater);
VOS_ASSERT(0);
return;
}
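Review bot: The comparison `WLAN_HDD_ADAPTER_MAGIC != staAdapater->magic` has to dereference the pointer it is validating, so it catches an adapter whose magic was cleared at teardown but does not by itself protect against one whose memory has already been freed or reused. The same holds for the checks added in wlan_hdd_hostapd.c, wlan_hdd_p2p.c, wlan_hdd_tdls.c, wlan_hdd_tx_rx.c and wlan_hdd_wmm.c. If the teardown path does not already stop these timers synchronously before the adapter is released (not visible in this diff), that is where the lifetime guarantee should come from, with the magic check kept as a diagnostic. I would record this at the check with a comment such as `/* sanity check only: teardown must stop this timer before the adapter is freed */`. The enclosing function starts and ends outside the hunk.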
diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c
index 64d0e6e..e47ad0d 100644
--- a/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/CORE/HDD/src/wlan_hdd_hostapd.c
@@ -653,6 +653,12 @@
was down only then we bring down AP
*/
pHostapdAdapter = netdev_priv(dev);
+ if ((NULL == pHostapdAdapter) ||
+ (WLAN_HDD_ADAPTER_MAGIC != pHostapdAdapter->magic))
+ {
+ hddLog(LOGE, FL("invalid adapter: %p"), pHostapdAdapter);
+ return;
+ }
pHddApCtx = WLAN_HDD_GET_AP_CTX_PTR(pHostapdAdapter);
vos_status = vos_timer_start(
&pHddApCtx->hdd_ap_inactivity_timer,
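Review bot: The `NULL == pHostapdAdapter` half of the new guard is unlikely ever to fire, because `netdev_priv(dev)` returns an address computed as an offset from `dev` rather than a stored pointer. A NULL `dev` would therefore produce a small non-NULL address and proceed to the `->magic` read. If `dev` is not validated earlier in this function (its body starts outside the hunk), the check that matters is `if (NULL == dev) return;` placed before the `netdev_priv()` call. The magic comparison itself is reasonable to keep.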
diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
index 414557b..885200d 100755
--- a/CORE/HDD/src/wlan_hdd_main.c
+++ b/CORE/HDD/src/wlan_hdd_main.c
@@ -10675,11 +10675,17 @@
/* Iterate over all adapters/devices */
status = hdd_get_front_adapter ( pHddCtx, &pAdapterNode );
+ if ((NULL == pAdapterNode) || (VOS_STATUS_SUCCESS != status))
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ FL("fail to get adapter: %p %d"), pAdapterNode, status);
+ goto end;
+ }
+
do
{
- if( (status == VOS_STATUS_SUCCESS) &&
- pAdapterNode &&
- pAdapterNode->pAdapter)
+ if(pAdapterNode->pAdapter &&
+ WLAN_HDD_ADAPTER_MAGIC == pAdapterNode->pAdapter->magic)
{
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
"restarting the driver(intf:\'%s\' mode:%d :try %d)",
@@ -10704,7 +10710,7 @@
pAdapterNode = pNext;
} while((NULL != pAdapterNode) && (VOS_STATUS_SUCCESS == status));
-
+ end:
/* Free the allocated management frame */
kfree(mgmt);
diff --git a/CORE/HDD/src/wlan_hdd_p2p.c b/CORE/HDD/src/wlan_hdd_p2p.c
index 959ddf8..6ea3aee 100644
--- a/CORE/HDD/src/wlan_hdd_p2p.c
+++ b/CORE/HDD/src/wlan_hdd_p2p.c
@@ -402,9 +402,10 @@
hdd_adapter_t *pAdapter = (hdd_adapter_t *)data;
hdd_remain_on_chan_ctx_t *pRemainChanCtx;
hdd_cfg80211_state_t *cfgState;
- if ( NULL == pAdapter )
+
+ if ((NULL == pAdapter) || (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic))
{
- hddLog( LOGE, FL("pAdapter is NULL !!!"));
+ hddLog( LOGE, FL("pAdapter is invalid %p !!!"), pAdapter);
return;
}
cfgState = WLAN_HDD_GET_CFG_STATE_PTR( pAdapter );
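Review bot: The new error message formats the adapter address with plain `%p`, which on kernels that do not hash `%p` writes a raw kernel address into the log, where anyone with log access can read it. Assuming hddLog and VOS_TRACE format through the kernel's vsnprintf, `%pK` would honour the kptr_restrict setting: `hddLog( LOGE, FL("pAdapter is invalid %pK !!!"), pAdapter);`. The same specifier appears in the messages added in wlan_hdd_dev_pwr.c, wlan_hdd_hostapd.c, wlan_hdd_main.c, wlan_hdd_tdls.c and wlan_hdd_wmm.c. The function body continues outside the hunk.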
diff --git a/CORE/HDD/src/wlan_hdd_tdls.c b/CORE/HDD/src/wlan_hdd_tdls.c
index 0941b99..2cd4d2e 100644
--- a/CORE/HDD/src/wlan_hdd_tdls.c
+++ b/CORE/HDD/src/wlan_hdd_tdls.c
@@ -130,7 +130,6 @@
struct list_head *head;
struct list_head *pos;
hddTdlsPeer_t *curr_peer;
- hdd_station_ctx_t *pHddStaCtx;
hdd_context_t *pHddCtx;
tdlsCtx_t *pHddTdlsCtx;
int discover_req_sent = 0;
@@ -164,8 +163,6 @@
return;
}
- pHddStaCtx = WLAN_HDD_GET_STATION_CTX_PTR(pHddTdlsCtx->pAdapter);
-
VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "%s: ", __func__);
if (0 == pHddTdlsCtx->discovery_peer_cnt)
@@ -1877,7 +1874,15 @@
tANI_U16 wlan_hdd_tdlsConnectedPeers(hdd_adapter_t *pAdapter)
{
- hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
+ hdd_context_t *pHddCtx = NULL;
+
+ if ((NULL == pAdapter) || (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic))
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ FL("invalid pAdapter: %p"), pAdapter);
+ return 0;
+ }
+ pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
ENTER();
if(0 != (wlan_hdd_validate_context(pHddCtx)))
@@ -2129,10 +2134,21 @@
void wlan_hdd_tdls_check_bmps(hdd_adapter_t *pAdapter)
{
- hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
- tdlsCtx_t *pHddTdlsCtx = WLAN_HDD_GET_TDLS_CTX_PTR(pAdapter);
+
+ tdlsCtx_t *pHddTdlsCtx = NULL;
+ hdd_context_t *pHddCtx = NULL;
hddTdlsPeer_t *curr_peer;
+ if ((NULL == pAdapter) || (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic))
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ FL("invalid pAdapter: %p"), pAdapter);
+ return;
+ }
+
+ pHddTdlsCtx = WLAN_HDD_GET_TDLS_CTX_PTR(pAdapter);
+ pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
+
if ((NULL == pHddCtx) || (NULL == pHddTdlsCtx))
{
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO,
@@ -2481,11 +2497,14 @@
void wlan_hdd_tdls_check_power_save_prohibited(hdd_adapter_t *pAdapter)
{
- tdlsCtx_t *pHddTdlsCtx;
- hdd_context_t *pHddCtx;
+ tdlsCtx_t *pHddTdlsCtx = NULL;
+ hdd_context_t *pHddCtx = NULL;
- if (!pAdapter) {
- hddLog(VOS_TRACE_LEVEL_ERROR, FL("HDD adpater is NULL"));
+
+ if ((NULL == pAdapter) || (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic))
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ FL("invalid pAdapter: %p"), pAdapter);
return;
}
@@ -2843,7 +2862,8 @@
{
hdd_context_t *pHddCtx;
- if (NULL == pAdapter || NULL == curr_peer)
+ if ((NULL == pAdapter || WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic) ||
+ (NULL == curr_peer))
{
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
FL("parameters passed are invalid"));
diff --git a/CORE/HDD/src/wlan_hdd_tx_rx.c b/CORE/HDD/src/wlan_hdd_tx_rx.c
index 0905865..32bb72d 100644
--- a/CORE/HDD/src/wlan_hdd_tx_rx.c
+++ b/CORE/HDD/src/wlan_hdd_tx_rx.c
@@ -2270,7 +2270,7 @@
{
pAdapter = pAdapterNode->pAdapter;
- if ( pAdapter )
+ if ((NULL != pAdapter) && (WLAN_HDD_ADAPTER_MAGIC == pAdapter->magic))
{
VOS_TRACE( VOS_MODULE_ID_HDD_DATA, VOS_TRACE_LEVEL_INFO,
"%s: Adapter with device mode %d exists",
diff --git a/CORE/HDD/src/wlan_hdd_wmm.c b/CORE/HDD/src/wlan_hdd_wmm.c
index 5c19f92..a675e01 100644
--- a/CORE/HDD/src/wlan_hdd_wmm.c
+++ b/CORE/HDD/src/wlan_hdd_wmm.c
@@ -567,6 +567,13 @@
acType = pQosContext->acType;
pAdapter = pQosContext->pAdapter;
+ if ((NULL == pAdapter) || (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic))
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ FL("invalid pAdapter: %p"), pAdapter);
+ return;
+ }
+
pAc = &pAdapter->hddWmmStatus.wmmAcStatus[acType];
// Get the Tx stats for this AC.