Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 26f6a7d2 authored by Frank Liu's avatar Frank Liu Committed by nshrivas
Browse files

qcacmn: Fix KW issue in tdls 

Potential NULL pointer dereferences of wmi_handle are found in these
functions:
target_if_tdls_event_handler()
target_if_tdls_register_event_handler()
target_if_tdls_unregister_event_handler()

Do wmi_handle NULL check in the above functions.

Change-Id: I7cb4b574750d6bc6538862aa24a0cf49831b7c25
CRs-Fixed: 2317029
parent 7629f614

target_if/tdls/src/target_if_tdls.c

+24 −7
Original line number Diff line number Diff line
@@ -59,6 +59,11 @@ target_if_tdls_event_handler(ol_scn_t scn, uint8_t *data, uint32_t datalen) 
	}

	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);



	if (!wmi_handle) {

		target_if_err("null wmi_handle");

		return -EINVAL;

	}



	if (wmi_extract_vdev_tdls_ev_param(wmi_handle, data, &info)) {

		target_if_err("Failed to extract wmi tdls event");

		return -EINVAL;
@@ -163,8 +168,14 @@ QDF_STATUS 
target_if_tdls_register_event_handler(struct wlan_objmgr_psoc *psoc,

				      void *arg)

{

	return wmi_unified_register_event(

			get_wmi_unified_hdl_from_psoc(psoc),

	struct wmi_unified *wmi_handle;



	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);

	if (!wmi_handle) {

		target_if_err("null wmi_handle");

		return QDF_STATUS_E_INVAL;

	}

	return wmi_unified_register_event(wmi_handle,

					  wmi_tdls_peer_event_id,

					  target_if_tdls_event_handler);

}
@@ -173,8 +184,14 @@ QDF_STATUS 
target_if_tdls_unregister_event_handler(struct wlan_objmgr_psoc *psoc,

					void *arg)

{

	return wmi_unified_unregister_event(

			get_wmi_unified_hdl_from_psoc(psoc),

	struct wmi_unified *wmi_handle;



	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);

	if (!wmi_handle) {

		target_if_err("null wmi_handle");

		return QDF_STATUS_E_INVAL;

	}

	return wmi_unified_unregister_event(wmi_handle,

					    wmi_tdls_peer_event_id);

}