qcacld-3.0: Add sanity check for vdev id to prevent OOB access
Add sanity check for vdev id in wma_roam_event_callback() to prevent
out of bound access of memory in wma_roam_better_ap_handler().
Change-Id: If3cf06a8eca767201fdd8b056bee6d773938a2a6
CRs-Fixed: 2119400
diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c
index 89a0f88..5bd9782 100644
--- a/core/wma/src/wma_scan_roam.c
+++ b/core/wma/src/wma_scan_roam.c
@@ -5544,6 +5544,11 @@
__func__, wmi_event->reason, wmi_event->notif,
wmi_event->vdev_id, wmi_event->rssi);
+ if (wmi_event->vdev_id >= wma_handle->max_bssid) {
+ WMA_LOGE("Invalid vdev id from firmware");
+ return -EINVAL;
+ }
+
DPTRACE(qdf_dp_trace_record_event(QDF_DP_TRACE_EVENT_RECORD,
wmi_event->vdev_id, QDF_TRACE_DEFAULT_PDEV_ID,
QDF_PROTO_TYPE_EVENT, QDF_ROAM_EVENTID));