iwlagn: fix NULL ptr deref when reprogramming sta w/o LQ
authorJohannes Berg <johannes.berg@intel.com>
Thu, 10 Nov 2011 14:55:05 +0000 (06:55 -0800)
committerJohn W. Linville <linville@tuxdriver.com>
Fri, 11 Nov 2011 17:32:52 +0000 (12:32 -0500)
commitaed0fd4acd9b1a4fa042ea65f5de697996f6ac7f
tree120fd648461bbfd8e771e5952d169cecd75a1f71
parentb2ccccdca46273c7b321ecf5041c362cd950da20
iwlagn: fix NULL ptr deref when reprogramming sta w/o LQ

Reinette reports a crash in iwl_reprogram_ap_sta(). The
debugging shows:

  b1 16    mov    $0x16,%cl
 *f3 a5    rep movsl %ds     <-- trapping instruction:(%rsi),%es:(%rdi)

which is a memcpy of 22 (0x16) words (movsl). this points
to "priv->stations[sta_id].lq" being NULL since that is
the memcpy() of that size here.

The only way I see for this to happen is if we try to
do some RXON reprogramming while connecting to an AP,
after tx_sync() but before full setup, but that seems
like something that might very well happen.

Fix this by checking if the LQ is present and only then
reprogramming it.

Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/iwlwifi/iwl-agn-sta.c
This page took 0.026936 seconds and 5 git commands to generate.