Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / 764fa0d6bf91e5bda83c88b0ebb8a24bb7aa0778
commit764fa0d6bf91e5bda83c88b0ebb8a24bb7aa0778[log] [tgz]
authorRakesh Pillai <pillair@codeaurora.org>Sat Jul 18 01:07:29 2020 +0530
committersnandini <snandini@codeaurora.org>Mon Jul 20 02:19:46 2020 -0700
tree9a5cbb2e319cbc414c828fc3a5a4c2aa694e5218
parentc5ddb93014e9e2f17f5629c4d60829d3e5968343 [diff]
qcacld-3.0: Fix use-after-free when skb is copied

When we receive a packet from the network stack for
transmission, we make a copy of this skb and free the
shared skb before trying to trasnmit it.

Currently the mac address used for tdls operations is
taken as a pointer to the original skb, which gets freed
after the skb_unshare.

Copy the mac address into a local stack memory instead
of using a pointer to the skb data to avoid the
use-after-free condition.

Change-Id: I9f0e6260476d5a41b7209a6a599f50a548b953b5
CRs-Fixed: 2733445
1 file changed
tree: 9a5cbb2e319cbc414c828fc3a5a4c2aa694e5218
  1. components/
  2. configs/
  3. core/
  4. os_if/
  5. uapi/
  6. Android.mk
  7. Kbuild
  8. Kconfig
  9. Makefile
  10. README.txt