authorBaochen Qiang <quic_bqiang@quicinc.com>2023-09-20 16:43:42 +0300
committerKalle Valo <quic_kvalo@quicinc.com>2023-09-21 11:02:07 +0300
commitb302dce3d9edea5b93d1902a541684a967f3c63c (patch)
tree6b66d26ea961cfc5e638b1767f535c4219fc076a /drivers/net/wireless/ath/ath12k/wmi.c
parentcb4c132ebfeac5962f7258ffc831caa0c4dada1a (diff)
wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()
reg_cap.phy_id is extracted from WMI event and could be an unexpected value in case some errors happen. As a result out-of-bound write may occur to soc->hal_reg_cap. Fix it by validating reg_cap.phy_id before using it. This is found during code review. Compile tested only. Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230830020716.5420-1-quic_bqiang@quicinc.com
Diffstat (limited to 'drivers/net/wireless/ath/ath12k/wmi.c')
-rw-r--r--drivers/net/wireless/ath/ath12k/wmi.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c
index acc5fc8fbce6..a771ffa9a309 100644
--- a/drivers/net/wireless/ath/ath12k/wmi.c
+++ b/drivers/net/wireless/ath/ath12k/wmi.c
@@ -3876,6 +3876,12 @@ static int ath12k_wmi_ext_hal_reg_caps(struct ath12k_base *soc,
ath12k_warn(soc, "failed to extract reg cap %d\n", i);
return ret;
}
+
+ if (reg_cap.phy_id >= MAX_RADIOS) {
+ ath12k_warn(soc, "unexpected phy id %u\n", reg_cap.phy_id);
+ return -EINVAL;
+ }
+
soc->hal_reg_cap[reg_cap.phy_id] = reg_cap;
}
return 0;
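Review bot: The added guard `if (reg_cap.phy_id >= MAX_RADIOS)` protects the store only if soc->hal_reg_cap is declared with exactly MAX_RADIOS elements, and that declaration is not visible in this hunk. Bounding the firmware-supplied index by the array itself, `if (reg_cap.phy_id >= ARRAY_SIZE(soc->hal_reg_cap)) {`, keeps the check correct if the array size and the constant ever diverge. The early `return -EINVAL` also leaves in place any entries that earlier loop iterations already stored, so on failure soc->hal_reg_cap is partially updated. If callers might still read it after an error, a short comment above the check should say so. The body of ath12k_wmi_ext_hal_reg_caps() starts before this hunk and ends after it.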