diff options
author | Felix Fietkau <nbd@openwrt.org> | 2013-07-15 08:35:06 -0400 |
---|---|---|
committer | Johannes Berg <johannes.berg@intel.com> | 2013-07-16 10:48:14 -0400 |
commit | 5c9fc93bc9bc417418fc1b6366833ae6a07b804d (patch) | |
tree | e1fb9841cd93ed7409cf2c2ccd89f416847632c6 /net/mac80211 | |
parent | 6b0f32745dcfba01d7be33acd1b40306c7a914c6 (diff) |
mac80211/minstrel: fix NULL pointer dereference issue
When priv_sta == NULL, mi->prev_sample is dereferenced too early. Move
the assignment further down, after the rate_control_send_low call.
Reported-by: Krzysztof Mazur <krzysiek@podlesie.net>
Cc: stable@vger.kernel.org # 3.10
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211')
-rw-r--r-- | net/mac80211/rc80211_minstrel.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c index ac7ef5414bde..e6512e2ffd20 100644 --- a/net/mac80211/rc80211_minstrel.c +++ b/net/mac80211/rc80211_minstrel.c | |||
@@ -290,7 +290,7 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta, | |||
290 | struct minstrel_rate *msr, *mr; | 290 | struct minstrel_rate *msr, *mr; |
291 | unsigned int ndx; | 291 | unsigned int ndx; |
292 | bool mrr_capable; | 292 | bool mrr_capable; |
293 | bool prev_sample = mi->prev_sample; | 293 | bool prev_sample; |
294 | int delta; | 294 | int delta; |
295 | int sampling_ratio; | 295 | int sampling_ratio; |
296 | 296 | ||
@@ -314,6 +314,7 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta, | |||
314 | (mi->sample_count + mi->sample_deferred / 2); | 314 | (mi->sample_count + mi->sample_deferred / 2); |
315 | 315 | ||
316 | /* delta < 0: no sampling required */ | 316 | /* delta < 0: no sampling required */ |
317 | prev_sample = mi->prev_sample; | ||
317 | mi->prev_sample = false; | 318 | mi->prev_sample = false; |
318 | if (delta < 0 || (!mrr_capable && prev_sample)) | 319 | if (delta < 0 || (!mrr_capable && prev_sample)) |
319 | return; | 320 | return; |