From patchwork Wed Dec 28 13:47:07 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrei Otcheretianski X-Patchwork-Id: 709279 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2001:1868:205::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3tpYyJ01qCz9sdn for ; Thu, 29 Dec 2016 00:50:00 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.85_2 #1 (Red Hat Linux)) id 1cMEbu-0007YV-Hf; Wed, 28 Dec 2016 13:49:42 +0000 Received: from mga09.intel.com ([134.134.136.24]) by bombadil.infradead.org with esmtps (Exim 4.85_2 #1 (Red Hat Linux)) id 1cMEbr-0007Q1-VG for hostap@lists.infradead.org; Wed, 28 Dec 2016 13:49:40 +0000 Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga102.jf.intel.com with ESMTP; 28 Dec 2016 05:49:16 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos; i="5.33,422,1477983600"; d="scan'208"; a="1087472162" Received: from unknown (HELO TEMPHOSTNAME.ger.corp.intel.com) ([10.12.217.219]) by fmsmga001.fm.intel.com with ESMTP; 28 Dec 2016 05:49:15 -0800 From: Andrei Otcheretianski To: hostap@lists.infradead.org Subject: [PATCH] nl80211: Zero num_modes if nl80211_get_hw_feature_data() fails Date: Wed, 28 Dec 2016 15:47:07 +0200 Message-Id: <1482932827-2035-2-git-send-email-andrei.otcheretianski@intel.com> X-Mailer: git-send-email 1.9.1 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20161228_054940_099258_30C4ECF3 X-CRM114-Status: UNSURE ( 8.59 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -8.3 (--------) X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary: Content analysis details: (-8.3 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [134.134.136.24 listed in wl.mailspike.net] -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, high trust [134.134.136.24 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.4 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Andrei Otcheretianski MIME-Version: 1.0 Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org It was possible that nl80211_get_hw_feature_data() function would return NULL when num_modes is not set to zero. This might result in a later crash when accessing hw.modes. This may be reproduced with hwsim oom tests, for example, dbus_connect_oom. Fix that by zeroing num_modes if NULL is returned. Signed-off-by: Andrei Otcheretianski --- src/drivers/driver_nl80211_capa.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index 85706ef..1bea3ba 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c @@ -1771,6 +1771,7 @@ nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) os_free(result.modes[i].rates); } os_free(result.modes); + *num_modes = 0; return NULL; } return wpa_driver_nl80211_postprocess_modes(result.modes,