mac80211: avoid NULL ptr deref when finding max_rates in PID and minstrel

"There is another problem with this piece of code. The sband will be NULL after second iteration on single band device and cause null pointer dereference. Everything is working with dual band card. Sorry, but i don't know how to explain this clearly in English. I have looked on the second patch for pid algorithm and found similar bug." Reported-by: Karol Szuster <qflon@o2.pl> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: John W. Linville <linville@tuxdriver.com> 2009-05-05 15:18:26 -0400
committer: John W. Linville <linville@tuxdriver.com> 2009-05-11 15:07:01 -0400
commit: 621ad7c96aa138cfeab53cd4debc5a4e08b2189b (patch)
tree: 1759dce722d8b8798698540d1db11c2027c27ecf /net
parent: aedec9226809ae9d1972f8f8079fc70206ee7a88 (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c
index 70df3dcc3cf6..d9233ec50610 100644
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -477,7 +477,7 @@ minstrel_alloc_sta(void *priv, struct ieee80211_sta *sta, gfp_t gfp)
        for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
                sband = hw->wiphy->bands[i];
-                if (sband->n_bitrates > max_rates)
+                if (sband && sband->n_bitrates > max_rates)
                        max_rates = sband->n_bitrates;
        }
diff --git a/net/mac80211/rc80211_pid_algo.c b/net/mac80211/rc80211_pid_algo.c
index 01d59a8e334c..8bef9a1262ff 100644
--- a/net/mac80211/rc80211_pid_algo.c
+++ b/net/mac80211/rc80211_pid_algo.c
@@ -378,7 +378,7 @@ static void *rate_control_pid_alloc(struct ieee80211_hw *hw,
        for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
                sband = hw->wiphy->bands[i];
-                if (sband->n_bitrates > max_rates)
+                if (sband && sband->n_bitrates > max_rates)
                        max_rates = sband->n_bitrates;
        }
author	John W. Linville <linville@tuxdriver.com>	2009-05-05 15:18:26 -0400
committer	John W. Linville <linville@tuxdriver.com>	2009-05-11 15:07:01 -0400
commit	621ad7c96aa138cfeab53cd4debc5a4e08b2189b (patch)
tree	1759dce722d8b8798698540d1db11c2027c27ecf /net
parent	aedec9226809ae9d1972f8f8079fc70206ee7a88 (diff)

diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c index 70df3dcc3cf6..d9233ec50610 100644 --- a/net/mac80211/rc80211_minstrel.c +++ b/net/mac80211/rc80211_minstrel.c
@@ -477,7 +477,7 @@ minstrel_alloc_sta(void priv, struct ieee80211_sta sta, gfp_t gfp)
477		477
478	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {	478	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
479	sband = hw->wiphy->bands[i];	479	sband = hw->wiphy->bands[i];
480	if (sband->n_bitrates > max_rates)	480	if (sband && sband->n_bitrates > max_rates)
481	max_rates = sband->n_bitrates;	481	max_rates = sband->n_bitrates;
482	}	482	}
483		483


diff --git a/net/mac80211/rc80211_pid_algo.c b/net/mac80211/rc80211_pid_algo.c index 01d59a8e334c..8bef9a1262ff 100644 --- a/net/mac80211/rc80211_pid_algo.c +++ b/net/mac80211/rc80211_pid_algo.c
@@ -378,7 +378,7 @@ static void rate_control_pid_alloc(struct ieee80211_hw hw,
378		378
379	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {	379	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
380	sband = hw->wiphy->bands[i];	380	sband = hw->wiphy->bands[i];
381	if (sband->n_bitrates > max_rates)	381	if (sband && sband->n_bitrates > max_rates)
382	max_rates = sband->n_bitrates;	382	max_rates = sband->n_bitrates;
383	}	383	}
384		384