mac80211: avoid NULL ptr deref when finding max_rates in PID and minstrel
author John W. Linville <linville@tuxdriver.com>
Tue, 5 May 2009 19:18:26 +0000 (15:18 -0400)
committer John W. Linville <linville@tuxdriver.com>
Mon, 11 May 2009 19:07:01 +0000 (15:07 -0400)
"There is another problem with this piece of code. The sband will be NULL
after second iteration on single band device and cause null pointer
dereference. Everything is working with dual band card. Sorry, but I
don't know how to explain this clearly in English. I have looked on the
second patch for pid algorithm and found similar bug."

Reported-by: Karol Szuster <qflon@o2.pl>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
net/mac80211/rc80211_minstrel.c
net/mac80211/rc80211_pid_algo.c

index 70df3dcc3cf6444ff56d20b6b851cd6cc70b1c7d..d9233ec5061048b773d35e60bbeeee669efd1376 100644 (file)
@@ -477,7 +477,7 @@ minstrel_alloc_sta(void *priv, struct ieee80211_sta *sta, gfp_t gfp)
 
        for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
                sband = hw->wiphy->bands[i];
-               if (sband->n_bitrates > max_rates)
+               if (sband && sband->n_bitrates > max_rates)
                        max_rates = sband->n_bitrates;
        }
 
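Review bot: with `sband &&` guarding the comparison in minstrel_alloc_sta(), `max_rates` is only raised by bands that are registered, so on a device where every `hw->wiphy->bands[i]` is NULL it keeps whatever value it was initialised with above this hunk. The code that consumes `max_rates` is not in the visible context, so please confirm it handles that starting value safely. As a style point, an early `if (!sband) continue;` at the top of the loop body would make the "band not present" case explicit and keep the comparison unchanged.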
index 01d59a8e334ce832445c1c64ea3136c0bd373636..8bef9a1262ff33013e90231a1a09f32d29f7a0f3 100644 (file)
@@ -378,7 +378,7 @@ static void *rate_control_pid_alloc(struct ieee80211_hw *hw,
 
        for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
                sband = hw->wiphy->bands[i];
-               if (sband->n_bitrates > max_rates)
+               if (sband && sband->n_bitrates > max_rates)
                        max_rates = sband->n_bitrates;
        }
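Review bot: the loop in rate_control_pid_alloc() is line-for-line the same as the one fixed in minstrel_alloc_sta(), which is how the same missing NULL check ended up in both rate control algorithms. Consider moving the "largest n_bitrates across hw->wiphy->bands[]" computation into one shared helper so the `sband` NULL handling lives in a single place and a future algorithm cannot copy the unguarded form. The commit message would also benefit from a sentence in the committer's own words naming the change that introduced the loop, since "this piece of code" and "the second patch" in the quoted report do not identify it.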