From: Eliad Peller <eliad@wizery.com>
To: Luciano Coelho <luca@coelho.fi>
Cc: <linux-wireless@vger.kernel.org>
Subject: [PATCH v2 06/11] wlcore: fix unsafe dereference of the wlvif
Date: Tue, 17 Sep 2013 18:41:25 +0300 [thread overview]
Message-ID: <1379432490-22157-6-git-send-email-eliad@wizery.com> (raw)
In-Reply-To: <1379432490-22157-1-git-send-email-eliad@wizery.com>
From: Victor Goldenshtein <victorg@ti.com>
wlvif could be passed as NULL from the wlcore_tx_work_locked()
to the wl1271_prepare_tx_frame() and to wl1271_skb_queue_head()
functions. This may lead to a Kernel panic, fix this by
validating that wlvif != NULL.
Signed-off-by: Victor Goldenshtein <victorg@ti.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
---
drivers/net/wireless/ti/wlcore/tx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ti/wlcore/tx.c b/drivers/net/wireless/ti/wlcore/tx.c
index 03249da..87cd707 100644
--- a/drivers/net/wireless/ti/wlcore/tx.c
+++ b/drivers/net/wireless/ti/wlcore/tx.c
@@ -401,7 +401,7 @@ static int wl1271_prepare_tx_frame(struct wl1271 *wl, struct wl12xx_vif *wlvif,
is_wep = (cipher == WLAN_CIPHER_SUITE_WEP40) ||
(cipher == WLAN_CIPHER_SUITE_WEP104);
- if (WARN_ON(is_wep && wlvif->default_key != idx)) {
+ if (WARN_ON(is_wep && wlvif && wlvif->default_key != idx)) {
ret = wl1271_set_default_wep_key(wl, wlvif, idx);
if (ret < 0)
return ret;
--
1.8.3.rc1.35.g9b79519
next prev parent reply other threads:[~2013-09-17 15:41 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-17 15:41 [PATCH v2 01/11] wlcore: ROC on AP channel before auth reply Eliad Peller
2013-09-17 15:41 ` [PATCH v2 02/11] wlcore: add new plt power-mode: CHIP_AWAKE Eliad Peller
2013-09-17 15:41 ` [PATCH v2 03/11] wlcore: disable elp sleep while in plt mode Eliad Peller
2013-09-17 15:41 ` [PATCH v2 04/11] wlcore: re-enable idle handling Eliad Peller
2013-09-17 15:41 ` [PATCH v2 05/11] wlcore: cleanup scan debug prints Eliad Peller
2013-09-17 15:41 ` Eliad Peller [this message]
2013-09-17 15:41 ` [PATCH v2 07/11] wlcore: remove unsupported channels Eliad Peller
2013-09-17 15:41 ` [PATCH v2 08/11] wlcore: clarify and fix regulatory domain bit translation Eliad Peller
2013-09-17 15:41 ` [PATCH v2 09/11] wl18xx: fix boot process in high temperature environment Eliad Peller
2013-09-17 15:41 ` [PATCH v2 10/11] wl18xx: print new RDL versions during boot Eliad Peller
2013-09-30 16:57 ` Luca Coelho
2013-09-17 15:41 ` [PATCH v2 11/11] wlcore: always register dummy hardirq Eliad Peller
2013-10-04 5:10 ` [PATCH v2 01/11] wlcore: ROC on AP channel before auth reply Luca Coelho
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1379432490-22157-6-git-send-email-eliad@wizery.com \
--to=eliad@wizery.com \
--cc=linux-wireless@vger.kernel.org \
--cc=luca@coelho.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).