[PATCH 3.2 61/61] mac80211: Fix null dereference in ieee80211_key_link()

From: Ben Hutchings
Date: Tue Nov 21 2017 - 21:56:58 EST

3.2.96-rc1 review patch. If anyone has any objections, please let me know.


From: Ben Hutchings <ben@xxxxxxxxxxxxxxx>

Commit ef810e7c3d2a ("mac80211: accept key reinstall without changing
anything") moved the initialisation of key->sdata later in
ieee80211_key_link(). In the upstream commit fdf7cb4185b6 this was
fine, but in this version of the function there is additional code
which relies on key->sdata. Change this to use the value that will be
(conditionally) assigned to it later.

Cc: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -508,7 +508,7 @@ int ieee80211_key_link(struct ieee80211_

/* same here, the AP could be using QoS */
- ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid);
+ ap = sta_info_get(sdata, sdata->u.mgd.bssid);
if (ap) {
if (test_sta_flag(ap, WLAN_STA_WME))
key->conf.flags |=
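Review bot: the "same here" comment directly above the changed sta_info_get() call implies a sibling block earlier in ieee80211_key_link(), and this hunk corrects only the one read of key->sdata visible in this context. Since the commit message says key->sdata is now initialised later in the function, please confirm that no other statement ahead of that assignment still dereferences key->sdata; the block that "same here" refers to is the first place to check. A short comment next to `ap = sta_info_get(sdata, sdata->u.mgd.bssid);` noting that key->sdata is not yet set at this point would help keep a later backport from reintroducing the dereference.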