commit 0c162d0ab804dc8bac20c6788d890cd791ba1f9a
author Siddharth Bhal <sbhal@qti.qualcomm.com> Tue May 06 19:50:42 2014 +0530
committer Kiet Lam <c_kietl@qca.qualcomm.com> Fri May 16 13:58:12 2014 -0700
tree e595a3acb93baabd4bef28b8f5f7bc85e587f7f8
parent 5e0e85a32d2430386958cd3c483f4705f403d169

wlan: HDD: prevent null check dereference

Add a pointer null check before dereference.

Change-Id: I15bcb8a4783eb6b69cd59b66d1935543b6f86703
Crs-Fixed: 658985

CORE/HDD/src/wlan_hdd_cfg80211.c

diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 05dd615..22a316d 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -5151,12 +5151,9 @@
 #endif
                             struct cfg80211_scan_request *request)
 {
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,6,0))
-   struct net_device *dev = request->wdev->netdev;
-#endif
-    hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR( dev );
-    hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX( pAdapter );
-    hdd_wext_state_t *pwextBuf = WLAN_HDD_GET_WEXT_STATE_PTR(pAdapter);
+    hdd_adapter_t *pAdapter = NULL;
+    hdd_context_t *pHddCtx = NULL;
+    hdd_wext_state_t *pwextBuf = NULL;
     hdd_config_t *cfg_param = NULL;
     tCsrScanRequest scanRequest;
     tANI_U8 *channelList = NULL, i;
@@ -5165,11 +5162,23 @@
     hdd_scaninfo_t *pScanInfo = NULL;
     v_U8_t* pP2pIe = NULL;
 
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,6,0))
+    struct net_device *dev = NULL;
+    if (NULL == request)
+    {
+        hddLog(VOS_TRACE_LEVEL_ERROR,
+                "%s: scan req param null", __func__);
+        return -EINVAL;
+    }
+    dev = request->wdev->netdev;
+#endif
+
+    pAdapter = WLAN_HDD_GET_PRIV_PTR( dev );
+    pHddCtx = WLAN_HDD_GET_CTX( pAdapter );
+    pwextBuf = WLAN_HDD_GET_WEXT_STATE_PTR(pAdapter);
+
     ENTER();
 
-    MTRACE(vos_trace(VOS_MODULE_ID_HDD,
-                     TRACE_CODE_HDD_CFG80211_SCAN,
-                     pAdapter->sessionId, request->n_channels));
 
     hddLog(VOS_TRACE_LEVEL_INFO, "%s: device_mode = %s (%d)",
            __func__, hdd_device_modetoString(pAdapter->device_mode),
@@ -5184,6 +5193,12 @@
         return status;
     }
 
+    if (NULL == pwextBuf)
+    {
+        hddLog (VOS_TRACE_LEVEL_ERROR, "%s ERROR: invalid WEXT state\n",
+                __func__);
+        return -EIO;
+    }
     cfg_param = pHddCtx->cfg_ini;
     pScanInfo = &pHddCtx->scan_info;
 
@@ -5275,6 +5290,9 @@
 
     if (NULL != request)
     {
+        MTRACE(vos_trace(VOS_MODULE_ID_HDD,
+                    TRACE_CODE_HDD_CFG80211_SCAN,
+                    pAdapter->sessionId, request->n_channels));
         hddLog(VOS_TRACE_LEVEL_INFO, "scan request for ssid = %d",
                (int)request->n_ssids);
 
@@ -5333,6 +5351,9 @@
     }
     else
     {
+        MTRACE(vos_trace(VOS_MODULE_ID_HDD,
+                    TRACE_CODE_HDD_CFG80211_SCAN,
+                    pAdapter->sessionId, 0));
         /* set the scan type to active */
         scanRequest.scanType = eSIR_ACTIVE_SCAN;
         vos_mem_set( scanRequest.bssid, sizeof( tCsrBssid ), 0xff );