mac80211: avoid NULL ptr deref when finding max_rates in PID and minstrel

"There is another problem with this piece of code. The sband will be NULL after second iteration on single band device and cause null pointer dereference. Everything is working with dual band card. Sorry, but i don't know how to explain this clearly in English. I have looked on the second patch for pid algorithm and found similar bug." Reported-by: N Karol Szuster <qflon@o2.pl> Signed-off-by: N John W. Linville <linville@tuxdriver.com>

mac80211: avoid NULL ptr deref when finding max_rates in PID and minstrel
"There is another problem with this piece of code. The sband will be NULL after second iteration on single band device and cause null pointer dereference. Everything is working with dual band card. Sorry, but i don't know how to explain this clearly in English. I have looked on the second patch for pid algorithm and found similar bug." Reported-by: N Karol Szuster <qflon@o2.pl> Signed-off-by: N John W. Linville <linville@tuxdriver.com>
621ad7c9 · John W. Linville · aedec922 · 621ad7c9 · 621ad7c9
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

net/mac80211/rc80211_minstrel.c net/mac80211/rc80211_minstrel.c +1 -1

net/mac80211/rc80211_pid_algo.c net/mac80211/rc80211_pid_algo.c +1 -1

未找到文件。
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -477,7 +477,7 @@ minstrel_alloc_sta(void *priv, struct ieee80211_sta *sta, gfp_t gfp)
 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
 		sband = hw->wiphy->bands[i];
-		if (sband->n_bitrates > max_rates)
+		if (sband && sband->n_bitrates > max_rates)
 			max_rates = sband->n_bitrates;
 	}

--- a/net/mac80211/rc80211_pid_algo.c
+++ b/net/mac80211/rc80211_pid_algo.c
@@ -378,7 +378,7 @@ static void *rate_control_pid_alloc(struct ieee80211_hw *hw,
 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
 		sband = hw->wiphy->bands[i];
-		if (sband->n_bitrates > max_rates)
+		if (sband && sband->n_bitrates > max_rates)
 			max_rates = sband->n_bitrates;
 	}