
Commit 00737f87 authored by Mohammed

msm: ipa: gsb: Validate iface handle



Decoding a wrong iface handle from the mux header of a
corrupted packet leads to invoking an invalid index
of the iface's tx_dp_notify, which in turn leads to a
segmentation fault.

So, validate the iface handle which is received
from status packet's mux header before invoking
tx_dp_notify of iface handle.

Change-Id: I21fd54a5c07d25f69a81d67eb4482ea1cc135ea9
Signed-off-by: Mohammed <mjavid@codeaurora.org>
parent a212cf53
+2 −1
@@ -744,7 +744,8 @@ static void ipa_gsb_tx_dp_notify(void *priv, enum ipa_dp_evt_type evt,
	/* change to host order */
	*(u32 *)mux_hdr = ntohl(*(u32 *)mux_hdr);
	hdl = mux_hdr->iface_hdl;
	if (!ipa_gsb_ctx->iface[hdl]) {
	if ((hdl < 0) || (hdl >= MAX_SUPPORTED_IFACE) ||
		!ipa_gsb_ctx->iface[hdl]) {
		IPA_GSB_ERR("invalid hdl: %d and cb, drop the skb\n", hdl);
		dev_kfree_skb_any(skb);
		return;
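
Review bot: the new bound in the `if` compares against MAX_SUPPORTED_IFACE, but the array actually indexed is ipa_gsb_ctx->iface[], and nothing in this hunk ties the two together; `hdl >= ARRAY_SIZE(ipa_gsb_ctx->iface)` would keep the check from drifting if the array size ever changes. The declaration of hdl is not visible here: if it is unsigned, `hdl < 0` is always false and can be dropped, and if it is signed the test is needed as written, so it is worth stating the type in the commit message. Because this branch is reached by corrupted packets, IPA_GSB_ERR can fire once per packet; unless that macro is already rate limited, a rate-limited log would keep a stream of bad packets from flooding the kernel log, and the text "invalid hdl: %d and cb" could say which of the three conditions failed.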