From patchwork Thu Feb 3 20:14:01 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesper Juhl X-Patchwork-Id: 81712 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 8187AB70E3 for ; Fri, 4 Feb 2011 07:15:33 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751663Ab1BCUPA (ORCPT ); Thu, 3 Feb 2011 15:15:00 -0500 Received: from swampdragon.chaosbits.net ([90.184.90.115]:10902 "EHLO swampdragon.chaosbits.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751051Ab1BCUO7 (ORCPT ); Thu, 3 Feb 2011 15:14:59 -0500 Received: by swampdragon.chaosbits.net (Postfix, from userid 1000) id C479F9403D; Thu, 3 Feb 2011 21:14:01 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by swampdragon.chaosbits.net (Postfix) with ESMTP id BDC609403B; Thu, 3 Feb 2011 21:14:01 +0100 (CET) Date: Thu, 3 Feb 2011 21:14:01 +0100 (CET) From: Jesper Juhl To: linux-wireless@vger.kernel.org cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, "John W. Linville" , Kalle Valo Subject: [PATCH] wireless, wl1251: Fix potential NULL pointer dereference in wl1251_op_bss_info_changed() Message-ID: User-Agent: Alpine 2.00 (LNX 1167 2008-08-23) MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org In drivers/net/wireless/wl1251/main.c:wl1251_op_bss_info_changed() we make a call to ieee80211_beacon_get() which may return NULL, but we do not check the return value before dereferencing the pointer. Signed-off-by: Jesper Juhl --- main.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/wl1251/main.c b/drivers/net/wireless/wl1251/main.c index 012e1a4..40372ba 100644 
--- a/drivers/net/wireless/wl1251/main.c +++ b/drivers/net/wireless/wl1251/main.c @@ -1039,6 +1039,9 @@ static void wl1251_op_bss_info_changed(struct ieee80211_hw *hw, if (changed & BSS_CHANGED_BEACON) { beacon = ieee80211_beacon_get(hw, vif); + if (!beacon) + goto out_sleep; + ret = wl1251_cmd_template_set(wl, CMD_BEACON, beacon->data, beacon->len);
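Review bot: The new `if (!beacon) goto out_sleep;` right after `ieee80211_beacon_get(hw, vif)` bails out silently, and because wl1251_op_bss_info_changed() is declared `static void`, the caller never learns that the CMD_BEACON template was not set. Consider logging the failure before the goto so a missing beacon shows up in the kernel log. The `out_sleep` label lies outside the visible context, so the commit message should say that it is the exit the other failure paths in this function take and that jumping there from inside the `BSS_CHANGED_BEACON` branch skips nothing that still has to run. The check itself is correct for the dereferences of `beacon->data` and `beacon->len` on the following lines.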