mac80211: avoid NULL ptr deref when finding max_rates in PID and minstrel
"There is another problem with this piece of code. The sband will be NULL after second iteration on single band device and cause null pointer dereference. Everything is working with dual band card. Sorry, but i don't know how to explain this clearly in English. I have looked on the second patch for pid algorithm and found similar bug." Reported-by: Karol Szuster <qflon@o2.pl> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Родитель
aedec92268
Коммит
621ad7c96a
|
@ -477,7 +477,7 @@ minstrel_alloc_sta(void *priv, struct ieee80211_sta *sta, gfp_t gfp)
|
||||||
|
|
||||||
for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
|
for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
|
||||||
sband = hw->wiphy->bands[i];
|
sband = hw->wiphy->bands[i];
|
||||||
if (sband->n_bitrates > max_rates)
|
if (sband && sband->n_bitrates > max_rates)
|
||||||
max_rates = sband->n_bitrates;
|
max_rates = sband->n_bitrates;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -378,7 +378,7 @@ static void *rate_control_pid_alloc(struct ieee80211_hw *hw,
|
||||||
|
|
||||||
for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
|
for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
|
||||||
sband = hw->wiphy->bands[i];
|
sband = hw->wiphy->bands[i];
|
||||||
if (sband->n_bitrates > max_rates)
|
if (sband && sband->n_bitrates > max_rates)
|
||||||
max_rates = sband->n_bitrates;
|
max_rates = sband->n_bitrates;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Загрузка…
Ссылка в новой задаче