commit 153c466ad90c44ac46082e0ecf9f0ab6204ef7ea
author Mahesh A Saptasagar <c_msapta@qti.qualcomm.com> Fri Feb 06 12:13:08 2015 +0530
committer AnjaneeDevi Kapparapu <c_akappa@qti.qualcomm.com> Mon Feb 09 19:31:51 2015 +0530
tree b66eec0639aae425cc617447e0ecab481161f766
parent 5696b73ac4b1deccbeb758148ab470a54d7f263e

wlan: Validate ioctls for NULL pointer de-reference

Access to driver data structures during driver load unload
results in kernel panic.
To mitigate the issue, validate the context before accessing
driver data structures.

Change-Id: I8655ae915ab98059360c4f4bf27f52542cc8d4ff
CRs-Fixed: 787157

CORE/HDD/src/wlan_hdd_oemdata.c

diff --git a/CORE/HDD/src/wlan_hdd_oemdata.c b/CORE/HDD/src/wlan_hdd_oemdata.c
index bda6e8a..3265e46 100644
--- a/CORE/HDD/src/wlan_hdd_oemdata.c
+++ b/CORE/HDD/src/wlan_hdd_oemdata.c
@@ -121,16 +121,24 @@
     eHalStatus                            status;
     struct iw_oem_data_rsp*               pHddOemDataRsp;
     tOemDataRsp*                          pSmeOemDataRsp;
+    hdd_adapter_t *pAdapter;
+    hdd_context_t *pHddCtx;
 
-    hdd_adapter_t *pAdapter = (netdev_priv(dev));
-
-    if ((WLAN_HDD_GET_CTX(pAdapter))->isLogpInProgress)
+    pAdapter = (netdev_priv(dev));
+    if (NULL == pAdapter)
     {
-       VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
-                                  "%s:LOGP in Progress. Ignore!!!",__func__);
-       return -EBUSY;
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  "%s: Adapter is NULL",__func__);
+        return -EINVAL;
     }
-
+    pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
+    rc = wlan_hdd_validate_context(pHddCtx);
+    if (0 != rc)
+    {
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  "%s: HDD context is not valid",__func__);
+        return rc;
+    }
     do
     {
         //get the oem data response from sme
@@ -201,17 +209,33 @@
     eHalStatus status = eHAL_STATUS_SUCCESS;
     struct iw_oem_data_req *pOemDataReq = NULL;
     tOemDataReqConfig oemDataReqConfig;
-
     tANI_U32 oemDataReqID = 0;
+    hdd_adapter_t *pAdapter;
+    hdd_context_t *pHddCtx;
+    hdd_wext_state_t *pwextBuf;
 
-    hdd_adapter_t *pAdapter = (netdev_priv(dev));
-    hdd_wext_state_t *pwextBuf = WLAN_HDD_GET_WEXT_STATE_PTR(pAdapter);
-
-    if ((WLAN_HDD_GET_CTX(pAdapter))->isLogpInProgress)
+    pAdapter = (netdev_priv(dev));
+    if (NULL == pAdapter)
     {
-       VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
-                                  "%s:LOGP in Progress. Ignore!!!",__func__);
-       return -EBUSY;
+       VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                 "%s: Adapter is NULL",__func__);
+       return -EINVAL;
+    }
+    pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
+    rc = wlan_hdd_validate_context(pHddCtx);
+    if (0 != rc)
+    {
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  "%s: HDD context is not valid",__func__);
+        return rc;
+    }
+
+    pwextBuf = WLAN_HDD_GET_WEXT_STATE_PTR(pAdapter);
+    if (NULL == pwextBuf)
+    {
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  "%s: pwextBuf is NULL",__func__);
+        return -EINVAL;
     }
 
     do