wlan: Add NULL check for FTM ioctls.
Add NULL checks to the FTM ioctls to avoid a crash if a user/app tries to
execute them without first using the ioctl that allocates memory.
Change-Id: Ic68dee653289351c0d9f782a380c106abfa0f984
CRs-Fixed: 703779
diff --git a/CORE/HDD/src/wlan_hdd_ftm.c b/CORE/HDD/src/wlan_hdd_ftm.c
index b961f2c..b10fe14 100644
--- a/CORE/HDD/src/wlan_hdd_ftm.c
+++ b/CORE/HDD/src/wlan_hdd_ftm.c
@@ -1188,6 +1188,13 @@
return VOS_STATUS_E_FAILURE;
}
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
+
if (chainSelect > FTM_CHAIN_SEL_MAX)
{
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
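Review bot: The new guard reports a caller-triggerable condition as a fatal allocation failure: it logs at `VOS_TRACE_LEVEL_FATAL` and returns `VOS_STATUS_E_NOMEM`, although per the commit message pMsgBuf is NULL only because the allocating ioctl was never issued. Unless VOS_TRACE is rate-limited, any caller that can reach these ioctls can fill the kernel log with fatal-level lines, and it is told memory ran out when it did not. I would log at `VOS_TRACE_LEVEL_ERROR` and return `VOS_STATUS_E_FAILURE`, matching the FTM-not-started branch just above the guard. The same applies to the identical guard in every other hunk of this patch; the enclosing function starts and ends outside the hunk.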
@@ -3598,6 +3605,13 @@
return VOS_STATUS_E_FAILURE;
}
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
+
if (VOS_STATUS_SUCCESS != validate_channel(channel, ftm_status.cbmode))
{
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
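Review bot: This seven-line guard is pasted verbatim into thirteen functions in this patch, and the copies already drift: some are followed by a blank line, while those in the hunks at -4383, -4452, -4580 and -4725 run straight into `vos_mem_set`. A single file-local helper would keep the message, trace level and return code in one place, so a later change to any of them cannot miss a site. Each call site would then shrink to something like `if (!ftm_msgbuf_ready(__func__)) return VOS_STATUS_E_FAILURE;`, where the helper name is a placeholder. A short comment on that helper should say which ioctl allocates pMsgBuf, since that precondition is currently stated only in the commit message.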
@@ -3677,6 +3691,13 @@
return VOS_STATUS_E_FAILURE;
}
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
+
if (pwr_mode > 2)
{
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
@@ -3751,6 +3772,13 @@
return VOS_STATUS_E_FAILURE;
}
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
+
/* do not allow to change setting when tx pktgen is enabled, although halphy does allow changing tx power
* when tx pktgen is enabled
*/
@@ -3974,6 +4002,13 @@
return VOS_STATUS_E_FAILURE;
}
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
+
if (startStop != 1 && startStop != 0)
{
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
@@ -4132,6 +4167,13 @@
return VOS_STATUS_E_FAILURE;
}
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
+
if (rxmode > 3)
{
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
@@ -4232,6 +4274,13 @@
return VOS_STATUS_E_FAILURE;
}
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
+
if (rx_pkt_clear != 1)
{
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
@@ -4296,13 +4345,20 @@
long ret;
hdd_context_t *pHddCtx = (hdd_context_t *)pAdapter->pHddCtx;
-
if (pHddCtx->ftm.ftm_state != WLAN_FTM_STARTED)
{
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
"%s:Ftm has not started. Please start the ftm. ", __func__);
return VOS_STATUS_E_FAILURE;
}
+
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
+
vos_mem_set(pMsgBuf, sizeof(tPttMsgbuffer), 0);
init_completion(&pHddCtx->ftm.ftm_comp_var);
pMsgBuf->msgId = PTT_MSG_DBG_READ_REGISTER;
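Review bot: The NULL test and the first use, `vos_mem_set(pMsgBuf, sizeof(tPttMsgbuffer), 0);` directly after it, are not visibly covered by any lock, so the guard only helps if nothing can free or replace pMsgBuf between the two. pMsgBuf is not declared in this hunk and is presumably shared driver state; if another ioctl path can release it, a concurrent caller could pass the check and still write through a stale pointer. Please confirm that the FTM ioctls are serialised and record it next to the guard, for example `/* pMsgBuf is allocated and freed only under <lock name>; FTM ioctls are serialised by the caller */`. The same check-then-use pattern appears in the hunks at -4383, -4452, -4580, -4661 and -4725, and the function body continues outside this hunk.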
@@ -4310,7 +4366,6 @@
pMsgBody = &pMsgBuf->msgBody;
pMsgBody->DbgReadRegister.regAddr = QWLAN_AGC_CHANNEL_FREQ_REG;
-
status = wlan_ftm_postmsg((v_U8_t*)pMsgBuf,pMsgBuf->msgBodyLength);
if (status != VOS_STATUS_SUCCESS)
@@ -4383,6 +4438,13 @@
"%s:Ftm has not started. Please start the ftm. ", __func__);
return VOS_STATUS_E_FAILURE;
}
+
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
vos_mem_set(pMsgBuf, sizeof(tPttMsgbuffer), 0);
init_completion(&pHddCtx->ftm.ftm_comp_var);
pMsgBuf->msgId = PTT_MSG_GET_TX_POWER_REPORT;
@@ -4452,6 +4514,12 @@
return VOS_STATUS_E_FAILURE;
}
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
vos_mem_set(pMsgBuf, sizeof(tPttMsgbuffer), 0);
init_completion(&pHddCtx->ftm.ftm_comp_var);
pMsgBuf->msgId = PTT_MSG_DBG_READ_REGISTER;
@@ -4580,6 +4648,12 @@
return VOS_STATUS_E_FAILURE;
}
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
vos_mem_set(pMsgBuf, sizeof(tPttMsgbuffer), 0);
init_completion(&pHddCtx->ftm.ftm_comp_var);
pMsgBuf->msgId = PTT_MSG_GET_TX_POWER_REPORT;
@@ -4661,6 +4735,14 @@
"%s:Ftm has not started. Please start the ftm. ", __func__);
return VOS_STATUS_E_FAILURE;
}
+
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
+
vos_mem_set(pMsgBuf, sizeof(tPttMsgbuffer), 0);
init_completion(&pHddCtx->ftm.ftm_comp_var);
pMsgBuf->msgId = PTT_MSG_GET_RX_PKT_COUNTS;
@@ -4725,6 +4807,13 @@
"%s:Ftm has not started. Please start the ftm. ", __func__);
return VOS_STATUS_E_FAILURE;
}
+
+ if (NULL == pMsgBuf)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s:pMsgBuf is NULL", __func__);
+ return VOS_STATUS_E_NOMEM;
+ }
vos_mem_set(pMsgBuf, sizeof(tPttMsgbuffer), 0);
init_completion(&pHddCtx->ftm.ftm_comp_var);
pMsgBuf->msgId = PTT_MSG_GET_RX_RSSI;