| From 621ad7c96aa138cfeab53cd4debc5a4e08b2189b Mon Sep 17 00:00:00 2001 |
| From: John W. Linville <linville@tuxdriver.com> |
| Date: Tue, 5 May 2009 15:18:26 -0400 |
| Subject: mac80211: avoid NULL ptr deref when finding max_rates in PID and minstrel |
| |
| From: John W. Linville <linville@tuxdriver.com> |
| |
| commit 621ad7c96aa138cfeab53cd4debc5a4e08b2189b upstream. |
| |
| "There is another problem with this piece of code. The sband will be NULL |
| after second iteration on single band device and cause null pointer |
| dereference. Everything is working with dual band card. Sorry, but i |
| don't know how to explain this clearly in English. I have looked on the |
| second patch for pid algorithm and found similar bug." |
| |
| Reported-by: Karol Szuster <qflon@o2.pl> |
| Signed-off-by: John W. Linville <linville@tuxdriver.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/mac80211/rc80211_minstrel.c | 2 +- |
| net/mac80211/rc80211_pid_algo.c | 2 +- |
| 2 files changed, 2 insertions(+), 2 deletions(-) |
| |
| --- a/net/mac80211/rc80211_minstrel.c |
| +++ b/net/mac80211/rc80211_minstrel.c |
| @@ -477,7 +477,7 @@ minstrel_alloc_sta(void *priv, struct ie |
| |
| for (i = 0; i < IEEE80211_NUM_BANDS; i++) { |
| sband = hw->wiphy->bands[i]; |
| - if (sband->n_bitrates > max_rates) |
| + if (sband && sband->n_bitrates > max_rates) |
| max_rates = sband->n_bitrates; |
| } |
| |
| --- a/net/mac80211/rc80211_pid_algo.c |
| +++ b/net/mac80211/rc80211_pid_algo.c |
| @@ -378,7 +378,7 @@ static void *rate_control_pid_alloc(stru |
| |
| for (i = 0; i < IEEE80211_NUM_BANDS; i++) { |
| sband = hw->wiphy->bands[i]; |
| - if (sband->n_bitrates > max_rates) |
| + if (sband && sband->n_bitrates > max_rates) |
| max_rates = sband->n_bitrates; |
| } |
| |
