diff options
author | Avinash Patil <patila@marvell.com> | 2014-09-17 13:31:26 -0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2014-09-26 17:06:50 -0400 |
commit | 8eda10eaa18709e951b5d5fbbf673543365a4455 (patch) | |
tree | 3caaf2ac5a64fc9916a8da3719c4423765dde14d /drivers/net/wireless/mwifiex/scan.c | |
parent | cb35582ab4d742c1be48c4e51712a19fa202e978 (diff) |
mwifiex: ensure user_scan_in not NULL while setting scan channel gap
Check for scan channel gap only when user_scan_in is not NULL.
user_scan_in is NULL for internal scans and if we check scan channel gap
at this place, it may result into crash.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Cathy Luo <cluo@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/mwifiex/scan.c')
-rw-r--r-- | drivers/net/wireless/mwifiex/scan.c | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/drivers/net/wireless/mwifiex/scan.c b/drivers/net/wireless/mwifiex/scan.c index c09ebeee6ddf..ca64d4c94112 100644 --- a/drivers/net/wireless/mwifiex/scan.c +++ b/drivers/net/wireless/mwifiex/scan.c | |||
@@ -926,6 +926,23 @@ mwifiex_config_scan(struct mwifiex_private *priv, | |||
926 | if ((i && ssid_filter) || | 926 | if ((i && ssid_filter) || |
927 | !is_zero_ether_addr(scan_cfg_out->specific_bssid)) | 927 | !is_zero_ether_addr(scan_cfg_out->specific_bssid)) |
928 | *filtered_scan = true; | 928 | *filtered_scan = true; |
929 | |||
930 | if (user_scan_in->scan_chan_gap) { | ||
931 | dev_dbg(adapter->dev, "info: scan: channel gap = %d\n", | ||
932 | user_scan_in->scan_chan_gap); | ||
933 | *max_chan_per_scan = | ||
934 | MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN; | ||
935 | |||
936 | chan_gap_tlv = (void *)tlv_pos; | ||
937 | chan_gap_tlv->header.type = | ||
938 | cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP); | ||
939 | chan_gap_tlv->header.len = | ||
940 | cpu_to_le16(sizeof(chan_gap_tlv->chan_gap)); | ||
941 | chan_gap_tlv->chan_gap = | ||
942 | cpu_to_le16((user_scan_in->scan_chan_gap)); | ||
943 | tlv_pos += | ||
944 | sizeof(struct mwifiex_ie_types_scan_chan_gap); | ||
945 | } | ||
929 | } else { | 946 | } else { |
930 | scan_cfg_out->bss_mode = (u8) adapter->scan_mode; | 947 | scan_cfg_out->bss_mode = (u8) adapter->scan_mode; |
931 | num_probes = adapter->scan_probes; | 948 | num_probes = adapter->scan_probes; |
@@ -940,22 +957,6 @@ mwifiex_config_scan(struct mwifiex_private *priv, | |||
940 | else | 957 | else |
941 | *max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD; | 958 | *max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD; |
942 | 959 | ||
943 | if (user_scan_in->scan_chan_gap) { | ||
944 | *max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN; | ||
945 | dev_dbg(adapter->dev, "info: scan: channel gap = %d\n", | ||
946 | user_scan_in->scan_chan_gap); | ||
947 | |||
948 | chan_gap_tlv = (void *)tlv_pos; | ||
949 | chan_gap_tlv->header.type = | ||
950 | cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP); | ||
951 | chan_gap_tlv->header.len = | ||
952 | cpu_to_le16(sizeof(chan_gap_tlv->chan_gap)); | ||
953 | chan_gap_tlv->chan_gap = | ||
954 | cpu_to_le16((user_scan_in->scan_chan_gap)); | ||
955 | |||
956 | tlv_pos += sizeof(struct mwifiex_ie_types_scan_chan_gap); | ||
957 | } | ||
958 | |||
959 | /* If the input config or adapter has the number of Probes set, | 960 | /* If the input config or adapter has the number of Probes set, |
960 | add tlv */ | 961 | add tlv */ |
961 | if (num_probes) { | 962 | if (num_probes) { |