authorDan Carpenter <error27@gmail.com>2011-06-24 09:33:35 -0400
committerJohn W. Linville <linville@tuxdriver.com>2011-06-27 15:09:42 -0400
commita5e5aa6cee4cdb967a1f1c33a31165062783ccea (patch)
treec3e36575ff7495c5a70a567d7d4272acafc466ec /drivers/net
parentf6b4e4d476b890e1ddebbed8ec4924f9c2750a31 (diff)
mwifiex: restore handling of NULL parameters
Prior to a5ffddb70c5cab "mwifiex: remove casts of void pointers" the code assumed that the data_buf parameter could be a NULL pointer. The patch preserved some NULL checks but not consistently, so there was a potential for NULL dereferences and it changed the behavior. This patch restores the original behavior. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net')
-rw-r--r--drivers/net/wireless/mwifiex/sta_cmd.c2
-rw-r--r--drivers/net/wireless/mwifiex/sta_cmdresp.c29
2 files changed, 18 insertions, 13 deletions
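--- a/drivers/net/wireless/mwifiex/sta_cmd.c
+++ b/drivers/net/wireless/mwifiex/sta_cmd.c
@@ -779,6 +779,8 @@ static int mwifiex_cmd_ibss_coalescing_status(struct host_cmd_ds_command *cmd,
 case HostCmd_ACT_GEN_SET:
 if (enable)
 ibss_coal->enable = cpu_to_le16(*enable);
+else
+ibss_coal->enable = 0;
 break;
 
 /* In other case.. Nothing to do */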
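Review bot: The new `else` branch gives a NULL `enable` pointer a meaning (coalescing is switched off) that nothing at this spot states, so a later cleanup could drop it again, much as the earlier cast-removal patch named in the description did. A short comment on the branch would pin the contract, for example `/* NULL enable: caller supplied no value, disable coalescing */` above `ibss_coal->enable = 0;`. The function starts and ends outside this hunk, so its header comment may already cover this and is worth checking first.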
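--- a/drivers/net/wireless/mwifiex/sta_cmdresp.c
+++ b/drivers/net/wireless/mwifiex/sta_cmdresp.c
@@ -183,30 +183,32 @@ static int mwifiex_ret_802_11_rssi_info(struct mwifiex_private *priv,
 */
 static int mwifiex_ret_802_11_snmp_mib(struct mwifiex_private *priv,
 struct host_cmd_ds_command *resp,
-u32 *ul_temp)
+u32 *data_buf)
 {
 struct host_cmd_ds_802_11_snmp_mib *smib = &resp->params.smib;
 u16 oid = le16_to_cpu(smib->oid);
 u16 query_type = le16_to_cpu(smib->query_type);
+u32 ul_temp;
 
 dev_dbg(priv->adapter->dev, "info: SNMP_RESP: oid value = %#x,"
 " query_type = %#x, buf size = %#x\n",
 oid, query_type, le16_to_cpu(smib->buf_size));
 if (query_type == HostCmd_ACT_GEN_GET) {
-if (ul_temp)
-*ul_temp = le16_to_cpu(*((__le16 *) (smib->value)));
+ul_temp = le16_to_cpu(*((__le16 *) (smib->value)));
+if (data_buf)
+*data_buf = ul_temp;
 switch (oid) {
 case FRAG_THRESH_I:
 dev_dbg(priv->adapter->dev,
-"info: SNMP_RESP: FragThsd =%u\n", *ul_temp);
+"info: SNMP_RESP: FragThsd =%u\n", ul_temp);
 break;
 case RTS_THRESH_I:
 dev_dbg(priv->adapter->dev,
-"info: SNMP_RESP: RTSThsd =%u\n", *ul_temp);
+"info: SNMP_RESP: RTSThsd =%u\n", ul_temp);
 break;
 case SHORT_RETRY_LIM_I:
 dev_dbg(priv->adapter->dev,
-"info: SNMP_RESP: TxRetryCount=%u\n", *ul_temp);
+"info: SNMP_RESP: TxRetryCount=%u\n", ul_temp);
 break;
 default:
 break;
@@ -622,22 +624,23 @@ static int mwifiex_ret_802_11d_domain_info(struct mwifiex_private *priv,
 */
 static int mwifiex_ret_802_11_rf_channel(struct mwifiex_private *priv,
 struct host_cmd_ds_command *resp,
-u16 *new_channel)
+u16 *data_buf)
 {
 struct host_cmd_ds_802_11_rf_channel *rf_channel =
 &resp->params.rf_channel;
+u16 new_channel = le16_to_cpu(rf_channel->current_channel);
 
-if (new_channel)
-*new_channel = le16_to_cpu(rf_channel->current_channel);
-
-if (priv->curr_bss_params.bss_descriptor.channel != *new_channel) {
+if (priv->curr_bss_params.bss_descriptor.channel != new_channel) {
 dev_dbg(priv->adapter->dev, "cmd: Channel Switch: %d to %d\n",
 priv->curr_bss_params.bss_descriptor.channel,
-*new_channel);
+new_channel);
 /* Update the channel again */
-priv->curr_bss_params.bss_descriptor.channel = *new_channel;
+priv->curr_bss_params.bss_descriptor.channel = new_channel;
 }
 
+if (data_buf)
+*data_buf = new_channel;
+
 return 0;
 }
 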
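Review bot: In mwifiex_ret_802_11_snmp_mib the GET branch now reads two bytes from `smib->value` on every call, and nothing on the new side compares `smib->buf_size` with that length; the size is only printed by the dev_dbg above. The response presumably originates from the device firmware, so a guard before the read such as `if (le16_to_cpu(smib->buf_size) < sizeof(__le16))`, followed by the driver's usual error return, would keep a short or malformed response from being taken as a threshold value. Whether the read can actually leave valid data depends on the layout of host_cmd_ds_802_11_snmp_mib, which is not visible here. The function body continues past the end of the first hunk.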