aboutsummaryrefslogtreecommitdiff
path: root/init
diff options
context:
space:
mode:
authorSenthil Balasubramanian <senthilkumar@atheros.com>2008-05-28 20:08:12 +0530
committerJohn W. Linville <linville@tuxdriver.com>2008-05-28 16:43:49 -0400
commit70d251b24c44ab2fcba1807a5206e844cf10eb38 (patch)
tree37b16148cc305f874fcfaf0bd68e9463232061a8 /init
parentf6d97104890203ba9c2cf8e34894c4c8e64cb880 (diff)
mac80211: Fix for NULL pointer dereference in sta_info_get()
This addresses a NULL pointer dereference in sta_info_get(). TID and sta_info are extracted in ADDBA Timer expiry function through the timer handler's argument. The problem is extracging the TID (which was stored in timer_to_tid[] array of type "u8") through "int *" typecast which may also yield unwanted bytes for the MSB of TID that results in incorrect sta_info and ieee80211_local pointers. ieee80211_local pointer is NULL as illustrated below, it crashes in sta_info_get(). The problem started when extracting ieee80211_local pointer out of sta_info iteself and eventually crashed in stat_info_get(). The proper way to fix is to change the data type of TID to u8 instead of u16. However changing all the occurences requires some prototype changes as well. We should fix this in upcoming patches. Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: Luis Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'init')
0 files changed, 0 insertions, 0 deletions