aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/net/wireless/mwifiex/scan.c
diff options
context:
space:
mode:
authorAvinash Patil <patila@marvell.com>2014-09-17 13:31:26 -0400
committerJohn W. Linville <linville@tuxdriver.com>2014-09-26 17:06:50 -0400
commit8eda10eaa18709e951b5d5fbbf673543365a4455 (patch)
tree3caaf2ac5a64fc9916a8da3719c4423765dde14d /drivers/net/wireless/mwifiex/scan.c
parentcb35582ab4d742c1be48c4e51712a19fa202e978 (diff)
mwifiex: ensure user_scan_in not NULL while setting scan channel gap
Check for scan channel gap only when user_scan_in is not NULL. user_scan_in is NULL for internal scans and if we check scan channel gap at this place, it may result into crash. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/mwifiex/scan.c')
-rw-r--r--drivers/net/wireless/mwifiex/scan.c33
1 files changed, 17 insertions, 16 deletions
diff --git a/drivers/net/wireless/mwifiex/scan.c b/drivers/net/wireless/mwifiex/scan.c
index c09ebeee6ddf..ca64d4c94112 100644
--- a/drivers/net/wireless/mwifiex/scan.c
+++ b/drivers/net/wireless/mwifiex/scan.c
@@ -926,6 +926,23 @@ mwifiex_config_scan(struct mwifiex_private *priv,
926 if ((i && ssid_filter) || 926 if ((i && ssid_filter) ||
927 !is_zero_ether_addr(scan_cfg_out->specific_bssid)) 927 !is_zero_ether_addr(scan_cfg_out->specific_bssid))
928 *filtered_scan = true; 928 *filtered_scan = true;
929
930 if (user_scan_in->scan_chan_gap) {
931 dev_dbg(adapter->dev, "info: scan: channel gap = %d\n",
932 user_scan_in->scan_chan_gap);
933 *max_chan_per_scan =
934 MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
935
936 chan_gap_tlv = (void *)tlv_pos;
937 chan_gap_tlv->header.type =
938 cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP);
939 chan_gap_tlv->header.len =
940 cpu_to_le16(sizeof(chan_gap_tlv->chan_gap));
941 chan_gap_tlv->chan_gap =
942 cpu_to_le16((user_scan_in->scan_chan_gap));
943 tlv_pos +=
944 sizeof(struct mwifiex_ie_types_scan_chan_gap);
945 }
929 } else { 946 } else {
930 scan_cfg_out->bss_mode = (u8) adapter->scan_mode; 947 scan_cfg_out->bss_mode = (u8) adapter->scan_mode;
931 num_probes = adapter->scan_probes; 948 num_probes = adapter->scan_probes;
@@ -940,22 +957,6 @@ mwifiex_config_scan(struct mwifiex_private *priv,
940 else 957 else
941 *max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD; 958 *max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD;
942 959
943 if (user_scan_in->scan_chan_gap) {
944 *max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
945 dev_dbg(adapter->dev, "info: scan: channel gap = %d\n",
946 user_scan_in->scan_chan_gap);
947
948 chan_gap_tlv = (void *)tlv_pos;
949 chan_gap_tlv->header.type =
950 cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP);
951 chan_gap_tlv->header.len =
952 cpu_to_le16(sizeof(chan_gap_tlv->chan_gap));
953 chan_gap_tlv->chan_gap =
954 cpu_to_le16((user_scan_in->scan_chan_gap));
955
956 tlv_pos += sizeof(struct mwifiex_ie_types_scan_chan_gap);
957 }
958
959 /* If the input config or adapter has the number of Probes set, 960 /* If the input config or adapter has the number of Probes set,
960 add tlv */ 961 add tlv */
961 if (num_probes) { 962 if (num_probes) {