
kernel-2.6.18-194.11.1.el5.src.rpm

From: John W. Linville <linville@redhat.com>
Date: Wed, 15 Apr 2009 14:33:30 -0400
Subject: [wireless] mac80211: avoid null deref
Message-id: 20090415183330.GB31588@redhat.com
O-Subject: [RHEL5 PATCH resend w/ extra space added...] mac80211: avoid null deref at end of ieee80211_scan_completed
Bugzilla: 482990
RH-Acked-by: David Miller <davem@redhat.com>
RH-Acked-by: Prarit Bhargava <prarit@redhat.com>

(Repost with extra space added in the relocated 'if' clause...)

The patch merged to fix bug 482990 uncovered a possible NULL pointer
dereference.  Luckily (for the rest of us) Lubomir hit it and suggested
a fix.  After some negotiation, we settled on the patch below.

BZ482990

Tested by Lubomir with positive results.

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 538f34c..b34148c 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -3868,13 +3868,15 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw)
 	rcu_read_unlock();
 
 done:
-	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-	if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
-		struct ieee80211_if_sta *ifsta = &sdata->u.sta;
-		if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
-		    (!ifsta->state == IEEE80211_IBSS_JOINED &&
-		    !ieee80211_sta_active_ibss(dev)))
-			ieee80211_sta_find_ibss(dev, ifsta);
+	if (dev) {
+		sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+		if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
+			struct ieee80211_if_sta *ifsta = &sdata->u.sta;
+			if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
+			    (!ifsta->state == IEEE80211_IBSS_JOINED &&
+			     !ieee80211_sta_active_ibss(dev)))
+				ieee80211_sta_find_ibss(dev, ifsta);
+		}
 	}
 }
 EXPORT_SYMBOL(ieee80211_scan_completed);
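Review bot: the inner condition `!ifsta->state == IEEE80211_IBSS_JOINED`, carried unchanged from the removed lines into the new block, applies `!` to `ifsta->state` before the `==`, so it compares 0 or 1 against the enum value instead of testing whether the state differs from IEEE80211_IBSS_JOINED; since this hunk already re-indents those lines, consider writing `ifsta->state != IEEE80211_IBSS_JOINED` here, or flag it for a follow-up if the fix is meant to stay minimal to the null-dereference. The added `if (dev)` guard itself is sound: it wraps the only use of `dev` after the `done:` label, including the `IEEE80211_DEV_TO_SUB_IF(dev)` lookup that produced `sdata`, and the `@@ -3868,13 +3868,15 @@` counts match the three context lines plus seven removed and nine added.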