diff options
| author | Baochen Qiang <[email protected]> | 2023-09-20 13:43:42 +0000 |
|---|---|---|
| committer | Kalle Valo <[email protected]> | 2023-09-21 08:02:07 +0000 |
| commit | b302dce3d9edea5b93d1902a541684a967f3c63c (patch) | |
| tree | 6b66d26ea961cfc5e638b1767f535c4219fc076a /drivers/net/wireless/ath/ath12k/wmi.c | |
| parent | wifi: ath10k: fix clang-specific fortify warning (diff) | |
| download | kernel-b302dce3d9edea5b93d1902a541684a967f3c63c.tar.gz kernel-b302dce3d9edea5b93d1902a541684a967f3c63c.zip | |
wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()
reg_cap.phy_id is extracted from WMI event and could be an unexpected value
in case some errors happen. As a result out-of-bound write may occur to
soc->hal_reg_cap. Fix it by validating reg_cap.phy_id before using it.
This is found during code review.
Compile tested only.
Signed-off-by: Baochen Qiang <[email protected]>
Acked-by: Jeff Johnson <[email protected]>
Signed-off-by: Kalle Valo <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Diffstat (limited to 'drivers/net/wireless/ath/ath12k/wmi.c')
| -rw-r--r-- | drivers/net/wireless/ath/ath12k/wmi.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c index acc5fc8fbce6..a771ffa9a309 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.c +++ b/drivers/net/wireless/ath/ath12k/wmi.c @@ -3876,6 +3876,12 @@ static int ath12k_wmi_ext_hal_reg_caps(struct ath12k_base *soc, ath12k_warn(soc, "failed to extract reg cap %d\n", i); return ret; } + + if (reg_cap.phy_id >= MAX_RADIOS) { + ath12k_warn(soc, "unexpected phy id %u\n", reg_cap.phy_id); + return -EINVAL; + } + soc->hal_reg_cap[reg_cap.phy_id] = reg_cap; } return 0; |