commit da0fe36053db6ee35e40b6a8d975e373c4ddfa89
author Hanumantha Reddy Pothula <c_hpothu@qti.qualcomm.com> Fri Feb 27 18:37:03 2015 +0530
committer Satyanarayana Dash <c_sadash@qti.qualcomm.com> Wed Mar 18 18:57:50 2015 +0530
tree 48d8abe310bedd23a0ba72aceea47eceba108455
parent 036495ac09c96ebc04cd304218471827c2d8e3b8

wlan: Validate adapter's magic number in timer handlers

Before accessing adapter context, validate adapter's magic number
along with NULL check to confirm that instance of adapter context
is valid.

Change-Id: If0365c765ad87be53b7e78d8744f0dcfe1a310ab
CRs-Fixed: 803527.

CORE/HDD/src/wlan_hdd_tdls.c

diff --git a/CORE/HDD/src/wlan_hdd_tdls.c b/CORE/HDD/src/wlan_hdd_tdls.c
index 0941b99..2cd4d2e 100644
--- a/CORE/HDD/src/wlan_hdd_tdls.c
+++ b/CORE/HDD/src/wlan_hdd_tdls.c
@@ -130,7 +130,6 @@
     struct list_head *head;
     struct list_head *pos;
     hddTdlsPeer_t *curr_peer;
-    hdd_station_ctx_t *pHddStaCtx;
     hdd_context_t *pHddCtx;
     tdlsCtx_t *pHddTdlsCtx;
     int discover_req_sent = 0;
@@ -164,8 +163,6 @@
         return;
     }
 
-    pHddStaCtx = WLAN_HDD_GET_STATION_CTX_PTR(pHddTdlsCtx->pAdapter);
-
     VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "%s: ", __func__);
 
     if (0 == pHddTdlsCtx->discovery_peer_cnt)
@@ -1877,7 +1874,15 @@
 
 tANI_U16 wlan_hdd_tdlsConnectedPeers(hdd_adapter_t *pAdapter)
 {
-    hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
+    hdd_context_t *pHddCtx = NULL;
+
+    if ((NULL == pAdapter) || (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic))
+    {
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  FL("invalid pAdapter: %p"), pAdapter);
+        return 0;
+    }
+    pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
 
     ENTER();
     if(0 != (wlan_hdd_validate_context(pHddCtx)))
@@ -2129,10 +2134,21 @@
 
 void wlan_hdd_tdls_check_bmps(hdd_adapter_t *pAdapter)
 {
-    hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
-    tdlsCtx_t *pHddTdlsCtx = WLAN_HDD_GET_TDLS_CTX_PTR(pAdapter);
+
+    tdlsCtx_t *pHddTdlsCtx = NULL;
+    hdd_context_t *pHddCtx = NULL;
     hddTdlsPeer_t *curr_peer;
 
+    if ((NULL == pAdapter) || (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic))
+    {
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  FL("invalid pAdapter: %p"), pAdapter);
+        return;
+    }
+
+    pHddTdlsCtx = WLAN_HDD_GET_TDLS_CTX_PTR(pAdapter);
+    pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
+
     if ((NULL == pHddCtx) || (NULL == pHddTdlsCtx))
     {
        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO,
@@ -2481,11 +2497,14 @@
 
 void wlan_hdd_tdls_check_power_save_prohibited(hdd_adapter_t *pAdapter)
 {
-    tdlsCtx_t *pHddTdlsCtx;
-    hdd_context_t *pHddCtx;
+    tdlsCtx_t *pHddTdlsCtx = NULL;
+    hdd_context_t *pHddCtx = NULL;
 
-    if (!pAdapter) {
-        hddLog(VOS_TRACE_LEVEL_ERROR, FL("HDD adpater is NULL"));
+
+    if ((NULL == pAdapter) || (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic))
+    {
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  FL("invalid pAdapter: %p"), pAdapter);
         return;
     }
 
@@ -2843,7 +2862,8 @@
 {
     hdd_context_t *pHddCtx;
 
-    if (NULL == pAdapter || NULL == curr_peer)
+    if ((NULL == pAdapter || WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic) ||
+        (NULL == curr_peer))
     {
        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
                  FL("parameters passed are invalid"));