[PATCH 5.12 063/700] mac80211: fix NULL ptr dereference during mesh peer connection for non HE devices

From: Greg Kroah-Hartman
Date: Mon Jul 12 2021 - 03:22:56 EST


From: Abinaya Kalaiselvan <akalaise@xxxxxxxxxxxxxx>

commit 95f83ee8d857f006813755e89a126f1048b001e8 upstream.

"sband->iftype_data" is not assigned with any value for non HE supported
devices, which causes NULL pointer access during mesh peer connection
in those devices. Fix this by accessing the pointer after HE
capabilities condition check.

Cc: stable@xxxxxxxxxxxxxxx
Fixes: 7f7aa94bcaf0 (mac80211: reduce peer HE MCS/NSS to own capabilities)
Signed-off-by: Abinaya Kalaiselvan <akalaise@xxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/1624459244-4497-1-git-send-email-akalaise@xxxxxxxxxxxxxx
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
net/mac80211/he.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

--- a/net/mac80211/he.c
+++ b/net/mac80211/he.c
@@ -111,7 +111,7 @@ ieee80211_he_cap_ie_to_sta_he_cap(struct
struct sta_info *sta)
{
struct ieee80211_sta_he_cap *he_cap = &sta->sta.he_cap;
- struct ieee80211_sta_he_cap own_he_cap = sband->iftype_data->he_cap;
+ struct ieee80211_sta_he_cap own_he_cap;
struct ieee80211_he_cap_elem *he_cap_ie_elem = (void *)he_cap_ie;
u8 he_ppe_size;
u8 mcs_nss_size;
@@ -123,6 +123,8 @@ ieee80211_he_cap_ie_to_sta_he_cap(struct
if (!he_cap_ie || !ieee80211_get_he_sta_cap(sband))
return;

+ own_he_cap = sband->iftype_data->he_cap;
+
/* Make sure size is OK */
mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap_ie_elem);
he_ppe_size =