diff options
author | John W. Linville <linville@tuxdriver.com> | 2009-05-05 15:18:26 -0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2009-05-11 15:07:01 -0400 |
commit | 621ad7c96aa138cfeab53cd4debc5a4e08b2189b (patch) | |
tree | 1759dce722d8b8798698540d1db11c2027c27ecf | |
parent | aedec9226809ae9d1972f8f8079fc70206ee7a88 (diff) |
mac80211: avoid NULL ptr deref when finding max_rates in PID and minstrel
"There is another problem with this piece of code. The sband will be NULL
after second iteration on single band device and cause null pointer
dereference. Everything is working with dual band card. Sorry, but i
don't know how to explain this clearly in English. I have looked on the
second patch for pid algorithm and found similar bug."
Reported-by: Karol Szuster <qflon@o2.pl>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r-- | net/mac80211/rc80211_minstrel.c | 2 | ||||
-rw-r--r-- | net/mac80211/rc80211_pid_algo.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c index 70df3dcc3cf..d9233ec5061 100644 --- a/net/mac80211/rc80211_minstrel.c +++ b/net/mac80211/rc80211_minstrel.c @@ -477,7 +477,7 @@ minstrel_alloc_sta(void *priv, struct ieee80211_sta *sta, gfp_t gfp) for (i = 0; i < IEEE80211_NUM_BANDS; i++) { sband = hw->wiphy->bands[i]; - if (sband->n_bitrates > max_rates) + if (sband && sband->n_bitrates > max_rates) max_rates = sband->n_bitrates; } diff --git a/net/mac80211/rc80211_pid_algo.c b/net/mac80211/rc80211_pid_algo.c index 01d59a8e334..8bef9a1262f 100644 --- a/net/mac80211/rc80211_pid_algo.c +++ b/net/mac80211/rc80211_pid_algo.c @@ -378,7 +378,7 @@ static void *rate_control_pid_alloc(struct ieee80211_hw *hw, for (i = 0; i < IEEE80211_NUM_BANDS; i++) { sband = hw->wiphy->bands[i]; - if (sband->n_bitrates > max_rates) + if (sband && sband->n_bitrates > max_rates) max_rates = sband->n_bitrates; } |