qcacld-3.0: Add sanity check for vdev id to prevent OOB access Add sanity check for vdev id in wma_roam_event_callback() to prevent out of bound access of memory in wma_roam_better_ap_handler(). Change-Id: If3cf06a8eca767201fdd8b056bee6d773938a2a6 CRs-Fixed: 2119400

commit: 847dd5d5099d51cc73285f1aa8223e599abad3d2 [log] [tgz]
author: Himanshu Agarwal <himanaga@codeaurora.org> Wed Oct 04 14:15:04 2017 +0530
committer: snandini <snandini@codeaurora.org> Fri Oct 06 14:18:08 2017 -0700
tree: ae284e7a56c7e29ef561f3af82862739ce20a6e3
parent: 31c6047d1edec31e03292d4b20ff4e8df30134d1 [diff]
diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c
index 89a0f88..5bd9782 100644
--- a/core/wma/src/wma_scan_roam.c
+++ b/core/wma/src/wma_scan_roam.c

@@ -5544,6 +5544,11 @@
 		 __func__, wmi_event->reason, wmi_event->notif,
 		 wmi_event->vdev_id, wmi_event->rssi);
 
+	if (wmi_event->vdev_id >= wma_handle->max_bssid) {
+		WMA_LOGE("Invalid vdev id from firmware");
+		return -EINVAL;
+	}
+
 	DPTRACE(qdf_dp_trace_record_event(QDF_DP_TRACE_EVENT_RECORD,
 		wmi_event->vdev_id, QDF_TRACE_DEFAULT_PDEV_ID,
 		QDF_PROTO_TYPE_EVENT, QDF_ROAM_EVENTID));
commit	847dd5d5099d51cc73285f1aa8223e599abad3d2	[log] [tgz]
author	Himanshu Agarwal <himanaga@codeaurora.org>	Wed Oct 04 14:15:04 2017 +0530
committer	snandini <snandini@codeaurora.org>	Fri Oct 06 14:18:08 2017 -0700
tree	ae284e7a56c7e29ef561f3af82862739ce20a6e3
parent	31c6047d1edec31e03292d4b20ff4e8df30134d1 [diff]