[PATCH] cfg80211: fix NULL dereference in IBSS SIOCGIWAP

public inbox for linux-wireless@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] cfg80211: fix NULL dereference in IBSS SIOCGIWAP
@ 2009-07-09  8:59 Zhu Yi
  2009-07-09 11:32 ` Johannes Berg
  0 siblings, 1 reply; 2+ messages in thread
From: Zhu Yi @ 2009-07-09  8:59 UTC (permalink / raw)
  To: linville; +Cc: linux-wireless, Zhu Yi, Johannes Berg

This patch avoids memcpy from wdev->wext.ibss.bssid if it is NULL.
This could happen if we SIOCGIWAP before SIOCSIWAP.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
---
 net/wireless/ibss.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/net/wireless/ibss.c b/net/wireless/ibss.c
index 99ef936..cf3a7dc 100644
--- a/net/wireless/ibss.c
+++ b/net/wireless/ibss.c
@@ -434,8 +434,11 @@ int cfg80211_ibss_wext_giwap(struct net_device *dev,
 	wdev_lock(wdev);
 	if (wdev->current_bss)
 		memcpy(ap_addr->sa_data, wdev->current_bss->pub.bssid, ETH_ALEN);
-	else
+	else if (wdev->wext.ibss.bssid)
 		memcpy(ap_addr->sa_data, wdev->wext.ibss.bssid, ETH_ALEN);
+	else
+		memset(ap_addr->sa_data, 0, ETH_ALEN);
+
 	wdev_unlock(wdev);
 
 	return 0;
-- 
1.6.0.4


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] cfg80211: fix NULL dereference in IBSS SIOCGIWAP
  2009-07-09  8:59 [PATCH] cfg80211: fix NULL dereference in IBSS SIOCGIWAP Zhu Yi
@ 2009-07-09 11:32 ` Johannes Berg
  0 siblings, 0 replies; 2+ messages in thread
From: Johannes Berg @ 2009-07-09 11:32 UTC (permalink / raw)
  To: Zhu Yi; +Cc: linville, linux-wireless

[-- Attachment #1: Type: text/plain, Size: 965 bytes --]

On Thu, 2009-07-09 at 16:59 +0800, Zhu Yi wrote:
> This patch avoids memcpy from wdev->wext.ibss.bssid if it is NULL.
> This could happen if we SIOCGIWAP before SIOCSIWAP.

Indeed, thanks.

> Signed-off-by: Zhu Yi <yi.zhu@intel.com>

Reviewed-by: Johannes Berg <johannes@sipsolutions.net>

> ---
>  net/wireless/ibss.c |    5 ++++-
>  1 files changed, 4 insertions(+), 1 deletions(-)
> 
> diff --git a/net/wireless/ibss.c b/net/wireless/ibss.c
> index 99ef936..cf3a7dc 100644
> --- a/net/wireless/ibss.c
> +++ b/net/wireless/ibss.c
> @@ -434,8 +434,11 @@ int cfg80211_ibss_wext_giwap(struct net_device *dev,
>  	wdev_lock(wdev);
>  	if (wdev->current_bss)
>  		memcpy(ap_addr->sa_data, wdev->current_bss->pub.bssid, ETH_ALEN);
> -	else
> +	else if (wdev->wext.ibss.bssid)
>  		memcpy(ap_addr->sa_data, wdev->wext.ibss.bssid, ETH_ALEN);
> +	else
> +		memset(ap_addr->sa_data, 0, ETH_ALEN);
> +
>  	wdev_unlock(wdev);
>  
>  	return 0;

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2009-07-09 11:32 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-07-09  8:59 [PATCH] cfg80211: fix NULL dereference in IBSS SIOCGIWAP Zhu Yi
2009-07-09 11:32 ` Johannes Berg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox