qcacld-3.0: Add null pointer check and fix buffer overflow in sap
Add null pointer validation and fix possible buffer overflow issue
in sap module.
Change-Id: I314e07a31368dd3ca854b9aeab4a0bce0402a81b
CRs-Fixed: 2162246
diff --git a/core/sap/src/sap_api_link_cntl.c b/core/sap/src/sap_api_link_cntl.c
index e7b6bdb..484dec3 100644
--- a/core/sap/src/sap_api_link_cntl.c
+++ b/core/sap/src/sap_api_link_cntl.c
@@ -841,6 +841,12 @@
tHalHandle hal;
hal = CDS_GET_HAL_CB();
+ if (!hal) {
+ QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+ FL("null hal"));
+ return;
+ }
+
mac_ctx->sap.SapDfsInfo.target_channel =
sap_ctx->dfs_vendor_channel;
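Review bot: The new early return after `hal = CDS_GET_HAL_CB();` leaves the caller with no indication that the DFS target-channel update was skipped, because the enclosing function returns void; if the caller assumes `SapDfsInfo.target_channel` was set after this call, the bail-out turns a null dereference into a silent state mismatch, which is worth a comment on the check, e.g. `/* hal can be NULL during teardown; skipping the update is intentional, caller cannot observe it */` (hedged: the teardown case is inferred, not visible here). The log text `FL("null hal")` could also name the function or the skipped action so the trace is actionable, e.g. `FL("null hal, DFS target channel not updated")`. The enclosing function starts and ends outside the hunk.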
diff --git a/core/sap/src/sap_ch_select.c b/core/sap/src/sap_ch_select.c
index 45243c4..0e353d1 100644
--- a/core/sap/src/sap_ch_select.c
+++ b/core/sap/src/sap_ch_select.c
@@ -2507,7 +2507,7 @@
uint8_t best_ch_num = SAP_CHANNEL_NOT_SELECTED;
uint32_t ht40plus2gendch = 0;
v_REGDOMAIN_t domain;
- uint8_t country[CDS_COUNTRY_CODE_LEN];
+ uint8_t country[CDS_COUNTRY_CODE_LEN + 1];
#ifdef SOFTAP_CHANNEL_RANGE
uint8_t count;
uint32_t start_ch_num, end_ch_num, tmp_ch_num, operating_band = 0;
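Review bot: The `+ 1` on `country[CDS_COUNTRY_CODE_LEN + 1]` is undocumented, so the next reader cannot tell whether the extra byte is for a NUL terminator written by the country-code lookup or for something else, and a later resize of `CDS_COUNTRY_CODE_LEN` could silently reintroduce the overflow the commit fixes; add a one-line reason at the declaration, e.g. `/* +1: the country lookup NUL-terminates the code (fixes a one-byte stack overflow) */` (hedged: the terminating write itself is outside this hunk). It would also be worth confirming that the consumer which fills the array is passed `sizeof(country)` rather than `CDS_COUNTRY_CODE_LEN`, otherwise the enlarged buffer is not what bounds the write. The enclosing function starts and ends outside the hunk.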
diff --git a/core/sap/src/sap_fsm.c b/core/sap/src/sap_fsm.c
index 7d90b17..ceb675d 100644
--- a/core/sap/src/sap_fsm.c
+++ b/core/sap/src/sap_fsm.c
@@ -1820,6 +1820,12 @@
mac_ctx->psoc,
sap_context->self_mac_addr,
WLAN_LEGACY_SME_ID);
+ if (!vdev) {
+ QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+ FL("Invalid vdev objmgr"));
+ return QDF_STATUS_E_INVAL;
+ }
+
ucfg_scan_init_default_params(vdev, req);
req->scan_req.dwell_time_active = 0;
req->scan_req.scan_id = ucfg_scan_get_scan_id(mac_ctx->psoc);
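Review bot: The new `if (!vdev)` return at `return QDF_STATUS_E_INVAL;` exits before `ucfg_scan_init_default_params(vdev, req)`, but `req` is already live at that point; if `req` was heap-allocated earlier in this function (the allocation is outside the hunk, so this is inferred), the early return leaks it on every null-vdev event, which is a slow memory exhaustion path rather than the crash it replaces. If that is the case, release it before returning, `qdf_mem_free(req);`, or route through the function's existing cleanup label if one exists. The enclosing function starts and ends outside the hunk.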