From: Tuo Li <islituo@gmail.com>
To: stf_xl@wp.pl
Cc: linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
Tuo Li <islituo@gmail.com>
Subject: [PATCH v2] wifi: iwlegacy: 3945-rs: fix possible null-pointer dereferences in il3945_rs_get_rate()
Date: Wed, 7 Jan 2026 16:41:49 +0800 [thread overview]
Message-ID: <20260107084149.173289-1-islituo@gmail.com> (raw)
In this function, il_sta is assigned to rs_sta, and rs_sta is dereferenced
at several points. If il_sta is NULL, this can lead to null-pointer
dereferences. To fix this issue, add an early check for il_sta and return
if it is NULL, consistent with the handling in il3945_rs_tx_status().
Besides, if the STA il data is uninitialized, return early instead of
setting il_sta to NULL, consistent with the handling in
il3945_rs_tx_status().
Signed-off-by: Tuo Li <islituo@gmail.com>
---
v2:
* Return early for uninitialized STA il data and align D_RATE messages with
il3945_rs_tx_status(). Add a wifi: prefix to the patch title.
Thanks to Stanislaw Gruszka for the helpful advice.
---
drivers/net/wireless/intel/iwlegacy/3945-rs.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlegacy/3945-rs.c b/drivers/net/wireless/intel/iwlegacy/3945-rs.c
index 1826c37c090c..c509c89bba00 100644
--- a/drivers/net/wireless/intel/iwlegacy/3945-rs.c
+++ b/drivers/net/wireless/intel/iwlegacy/3945-rs.c
@@ -626,10 +626,15 @@ il3945_rs_get_rate(void *il_r, struct ieee80211_sta *sta, void *il_sta,
D_RATE("enter\n");
+ if (!il_sta) {
+ D_RATE("leave: No STA il data to update!\n");
+ return;
+ }
+
/* Treat uninitialized rate scaling data same as non-existing. */
- if (rs_sta && !rs_sta->il) {
- D_RATE("Rate scaling information not initialized yet.\n");
- il_sta = NULL;
+ if (!rs_sta->il) {
+ D_RATE("leave: STA il data uninitialized!\n");
+ return;
}
rate_mask = sta->deflink.supp_rates[sband->band];
--
2.43.0
next reply other threads:[~2026-01-07 8:42 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-07 8:41 Tuo Li [this message]
2026-01-07 8:59 ` [PATCH v2] wifi: iwlegacy: 3945-rs: fix possible null-pointer dereferences in il3945_rs_get_rate() Stanislaw Gruszka
2026-01-08 12:02 ` Johannes Berg
2026-01-08 13:28 ` Tuo Li
2026-01-08 16:33 ` Stanislaw Gruszka
2026-01-09 2:42 ` Tuo Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260107084149.173289-1-islituo@gmail.com \
--to=islituo@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=stf_xl@wp.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.