qcacld-3.0: Fix sta_ds use after free
lim_is_pkt_candidate_for_drop() uses sta_ds to update last assoc
and deauth/disasocc received time without taking any lock for
sta_ds. deletion of sta_ds in pe_delete_session before accessing
sta_ds in dph_lookup_hash_entry can lead lead to Assert.
Similar is the case with sta_ds->last_assoc_received_time and
sta_ds->last_disassoc_deauth_received_time.
Fix is to use peer_priv instead of sta_ds and update
last_assoc_received_time and last_disassoc_deauth_received_time of
peer_mlme_priv_obj. In this case refcount gets increased for valid
peer and peer won't be deleted until lim_is_pkt_candidate_for_drop
releases the ref count of the peer.
Change-Id: I9daf31f9dd7b509eaf38a93078bb7418605b1c74
CRs-Fixed: 2598841
4 files changed