qcacld-2.0: Fix buffer overflow
In limInitPeerIdxpool, the driver initializes gLimAssocStaLimit/gLimIbssStaLimit entries of the peer index pool. However, peCreateSession may allocate fewer entries for the peer index pool, because maxStation can differ from gLimAssocStaLimit/gLimIbssStaLimit, so the initialization can overwrite adjacent memory locations. Fix this by initializing maxStation entries. Also, change limCreateSessionForRemainOnChn to use pMac->lim.maxStation as the number of entries.

Change-Id: I915e67fe7a15ebe622273af971d8a88ad78585cf
CRs-Fixed: 1025378
parent
9bf4ae8f5b
commit
642cca810d
|
@ -76,7 +76,7 @@ void
|
|||
limInitPeerIdxpool(tpAniSirGlobal pMac,tpPESession pSessionEntry)
|
||||
{
|
||||
tANI_U8 i;
|
||||
tANI_U8 maxAssocSta = pMac->lim.gLimAssocStaLimit;
|
||||
tANI_U8 maxAssocSta = pMac->lim.maxStation;
|
||||
|
||||
pSessionEntry->gpLimPeerIdxpool[0]=0;
|
||||
|
||||
|
@ -92,7 +92,6 @@ limInitPeerIdxpool(tpAniSirGlobal pMac,tpPESession pSessionEntry)
|
|||
#ifdef QCA_IBSS_SUPPORT
|
||||
if (LIM_IS_IBSS_ROLE(pSessionEntry)) {
|
||||
pSessionEntry->freePeerIdxHead=LIM_START_PEER_IDX;
|
||||
maxAssocSta = pMac->lim.gLimIbssStaLimit;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
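Review bot: In limInitPeerIdxpool the bound `maxAssocSta = pMac->lim.maxStation` is still a global value rather than the entry count this session's gpLimPeerIdxpool was actually allocated with, so the initialization stays in bounds only while every peCreateSession caller requests at least maxStation entries; the limCreateSessionForRemainOnChn hunk further down has to grow its request from 1 to `pMac->lim.maxStation` for exactly that reason. Taking the bound from a count recorded on the session at allocation time would remove that dependency on callers; at minimum add `/* must not exceed the entry count peCreateSession allocated for gpLimPeerIdxpool */` above the assignment. The local is also declared `tANI_U8`, so if maxStation is declared wider (its declaration is not visible on this page) the value would be silently truncated and part of the pool left uninitialized; give the local the field's type. The loop that consumes maxAssocSta lies outside the hunk.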
|
|
@ -226,7 +226,7 @@ tSirRetStatus limCreateSessionForRemainOnChn(tpAniSirGlobal pMac, tPESession **p
|
|||
{
|
||||
if((psessionEntry = peCreateSession(pMac,
|
||||
pMac->lim.gpLimRemainOnChanReq->selfMacAddr,
|
||||
&sessionId, 1, eSIR_INFRA_AP_MODE)) == NULL)
|
||||
&sessionId, pMac->lim.maxStation, eSIR_INFRA_AP_MODE)) == NULL)
|
||||
{
|
||||
limLog(pMac, LOGE, FL("Session Can not be created "));
|
||||
/* send remain on chn failure */
|
||||
|
|