[patch 51/87] mac80211: avoid NULL ptr deref when finding max_rates in PID and minstrel

From: Greg KH
Date: Tue Jun 09 2009 - 06:29:37 EST


2.6.29-stable review patch. If anyone has any objections, please let us know.

------------------

From: John W. Linville <linville@xxxxxxxxxxxxx>

commit 621ad7c96aa138cfeab53cd4debc5a4e08b2189b upstream.

"There is another problem with this piece of code. The sband will be NULL
after second iteration on single band device and cause null pointer
dereference. Everything is working with dual band card. Sorry, but I
don't know how to explain this clearly in English. I have looked on the
second patch for pid algorithm and found similar bug."

Reported-by: Karol Szuster <qflon@xxxxx>
Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
net/mac80211/rc80211_minstrel.c | 2 +-
net/mac80211/rc80211_pid_algo.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -477,7 +477,7 @@ minstrel_alloc_sta(void *priv, struct ie

for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
sband = hw->wiphy->bands[i];
- if (sband->n_bitrates > max_rates)
+ if (sband && sband->n_bitrates > max_rates)
max_rates = sband->n_bitrates;
}
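Review bot: in the minstrel_alloc_sta loop, the `sband &&` guard skips unpopulated band slots silently, and nothing in the code says why `hw->wiphy->bands[i]` can be NULL; the commit message attributes it to single band devices. A short comment, or an explicit `if (!sband) continue;` at the top of the loop body, would keep a later cleanup from dropping the check. The visible lines also do not show the initial value of `max_rates`, so it is worth confirming that whatever is sized from it after the loop behaves sensibly when no band is populated.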

--- a/net/mac80211/rc80211_pid_algo.c
+++ b/net/mac80211/rc80211_pid_algo.c
@@ -378,7 +378,7 @@ static void *rate_control_pid_alloc(stru

for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
sband = hw->wiphy->bands[i];
- if (sband->n_bitrates > max_rates)
+ if (sband && sband->n_bitrates > max_rates)
max_rates = sband->n_bitrates;
}
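Review bot: the loop in rate_control_pid_alloc is identical to the one fixed in minstrel_alloc_sta above, down to the same missing NULL check on `hw->wiphy->bands[i]`, so the bug had to be fixed twice. Consider moving the max_rates scan into one shared helper that both rate control algorithms call, so a future change to how the bands array is walked cannot be applied to one copy and missed in the other.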


