Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / 43ab01b1167878163c4e64b9b7b40d29e643eb0b
commit43ab01b1167878163c4e64b9b7b40d29e643eb0b[log] [tgz]
authorAbhinav Kumar <abhikuma@codeaurora.org>Tue Jun 26 19:06:56 2018 +0530
committernshrivas <nshrivas@codeaurora.org>Thu Jul 05 10:01:02 2018 -0700
tree0eda0da3cea40dcb1f611b14482df1b5d3ff2eac
parent75873e96085ebfabfd3ecbbc5c37ac5d8a1fc81a [diff]
qcacld-3.0: Validate sessionId before use in csr_roam_substate_change

csr_roam_set_bss_config_cfg invokes csr_roam_substate_change
with sessionId as one argument to change roam substate. In
csr_roam_substate_change, sessionId is uses as index of array
curSubState of max allowed index CSR_ROAM_SESSION_MAX(5). But
there is no any check present in csr_roam_substate_change to
validate sessionId against maximum allowed concurrent sessions.
This results Out-of-Bound access if sessionId >=
CSR_ROAM_SESSION_MAX.

Add check for sessionId against CSR_ROAM_SESSION_MAX in
csr_roam_substate_change.

Change-Id: Iae7da836001a9ccbec77cdc64df27b259f15bf4e
CRs-Fixed: 2268547
1 file changed
tree: 0eda0da3cea40dcb1f611b14482df1b5d3ff2eac
  1. components/
  2. configs/
  3. core/
  4. uapi/
  5. Android.mk
  6. Kbuild
  7. Kconfig
  8. Makefile
  9. README.txt