wlan: LLSTATS: Null dereference check add
nla_nest_start() may return NULL if it fails to put the nl
attribute. nla_nest_end() would then dereference that NULL pointer.
So, add the appropriate NULL checks.
Change-Id: Iaa2ac1f1b33583bc9ad3233d6c8a27d148e28ef3
CRs-Fixed: 785079
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index ac4083d..642b18e 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -712,6 +712,8 @@
rateInfo = nla_nest_start(vendor_event,
QCA_WLAN_VENDOR_ATTR_LL_STATS_PEER_INFO_RATE_INFO);
+ if(!rateInfo)
+ return FALSE;
for (i = 0; i < stats->numRate; i++)
{
struct nlattr *rates;
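Review bot: The new `if(!rateInfo)` check and, in the next hunk, `if(!rates)` return FALSE without logging, while the checks this commit adds for `peerInfo`, `peers` and `chList` each call hddLog first; the `wmmInfo` and `wmmStats` checks in the third hunk are silent as well. A line such as `hddLog(VOS_TRACE_LEVEL_ERROR, "%s: nla_nest_start failed", __func__);` before each `return FALSE;` would make an exhausted event buffer visible in the logs. The checks are also written `if(` without a space, unlike the surrounding `if (FALSE == ...)` lines. The enclosing function starts and ends outside the hunk, so whether its caller logs or frees vendor_event on FALSE cannot be seen here.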
@@ -719,6 +721,8 @@
stats->rateStats +
(i * sizeof(tSirWifiRateStat)));
rates = nla_nest_start(vendor_event, i);
+ if(!rates)
+ return FALSE;
if (FALSE == put_wifi_rate_stat(pRateStats, vendor_event))
{
@@ -957,10 +961,20 @@
wmmInfo = nla_nest_start(vendor_event,
QCA_WLAN_VENDOR_ATTR_LL_STATS_WMM_INFO);
+ if(!wmmInfo)
+ {
+ vos_mem_free(pWifiIfaceStatTL);
+ return FALSE;
+ }
for (i = 0; i < WIFI_AC_MAX; i++)
{
struct nlattr *wmmStats;
wmmStats = nla_nest_start(vendor_event, i);
+ if(!wmmStats)
+ {
+ vos_mem_free(pWifiIfaceStatTL);
+ return FALSE;
+ }
if (FALSE == put_wifi_wmm_ac_stat(
&pWifiIfaceStat->AccessclassStats[i],
vendor_event))
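Review bot: Both new checks repeat `vos_mem_free(pWifiIfaceStatTL); return FALSE;`, and the later hunks repeat `kfree_skb(vendor_event); return;` in the same way at each nla_nest_start() call. Every further early exit then has to remember the same cleanup, which is how leaks get introduced; a single exit label would keep it in one place, e.g. `goto nla_fail;` at each check and `nla_fail: vos_mem_free(pWifiIfaceStatTL); return FALSE;` at the end of the function. The function's start and end are outside the hunk, so the existing failure paths (such as the put_wifi_wmm_ac_stat() one that follows) should be checked for whether they can share that label.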
@@ -1183,15 +1197,31 @@
peerInfo = nla_nest_start(vendor_event,
QCA_WLAN_VENDOR_ATTR_LL_STATS_PEER_INFO);
+ if(!peerInfo)
+ {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s: QCA_WLAN_VENDOR_ATTR_LL_STATS_PEER_INFO put fail",
+ __func__);
+ kfree_skb(vendor_event);
+ return;
+ }
pWifiPeerInfo = (tpSirWifiPeerInfo) ((uint8 *)
pWifiPeerStat->peerInfo);
for (i = 1; i <= pWifiPeerStat->numPeers; i++)
{
- struct nlattr *peers = nla_nest_start(vendor_event, i);
int numRate = pWifiPeerInfo->numRate;
+ struct nlattr *peers = nla_nest_start(vendor_event, i);
+ if(!peers)
+ {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s: peer stats put fail",
+ __func__);
+ kfree_skb(vendor_event);
+ return;
+ }
if (FALSE == put_wifi_peer_info(
pWifiPeerInfo, vendor_event))
{
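Review bot: The added checks cover nla_nest_start() failing, but the loop they sit in is still bounded only by `pWifiPeerStat->numPeers`, and each peer's `numRate` is read straight from `pWifiPeerInfo`; the same holds for `stats->numRate` in the first hunk and `pWifiRadioStat->numChannels` in the fifth. If these structures are filled from a firmware event, the counts need to be validated against the received buffer length before the pointer walk, otherwise the reads can run past the buffer. No such validation is visible in these hunks; it may exist earlier in the function, which starts outside the hunk. If it does, a comment at the loop such as `/* numPeers and numRate validated against the event length above */` would record that.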
@@ -1468,6 +1498,14 @@
chList = nla_nest_start(vendor_event,
QCA_WLAN_VENDOR_ATTR_LL_STATS_CH_INFO);
+ if(!chList)
+ {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s: QCA_WLAN_VENDOR_ATTR_LL_STATS_CH_INFO put fail",
+ __func__);
+ kfree_skb(vendor_event);
+ return;
+ }
for (i = 0; i < pWifiRadioStat->numChannels; i++)
{
struct nlattr *chInfo;
@@ -1494,6 +1532,14 @@
chInfo = nla_nest_start(vendor_event, i);
+ if(!chInfo)
+ {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s: failed to put chInfo",
+ __func__);
+ kfree_skb(vendor_event);
+ return;
+ }
if (nla_put_u32(vendor_event,
QCA_WLAN_VENDOR_ATTR_LL_STATS_CHANNEL_INFO_WIDTH,