[v1] libertas: avoid potential null-pointer dereference

Message ID	1420672721-8400-1-git-send-email-andy.shevchenko@gmail.com (mailing list archive)
State	Rejected
Delegated to:	Kalle Valo
Headers	show Return-Path: <linux-wireless-owner@kernel.org> From: Andy Shevchenko <andy.shevchenko@gmail.com> To: Kalle Valo <kvalo@codeaurora.org>, libertas-dev@lists.infradead.org, linux-wireless@vger.kernel.org Cc: Andy Shevchenko <andy.shevchenko@gmail.com> Subject: [PATCH v1] libertas: avoid potential null-pointer dereference Date: Thu, 8 Jan 2015 01:18:41 +0200 Message-Id: <1420672721-8400-1-git-send-email-andy.shevchenko@gmail.com> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk

Message ID

1420672721-8400-1-git-send-email-andy.shevchenko@gmail.com (mailing list archive)

State

Rejected

Delegated to:

Kalle Valo

Headers

From: Andy Shevchenko <andy.shevchenko@gmail.com>
To: Kalle Valo <kvalo@codeaurora.org>,
	libertas-dev@lists.infradead.org, linux-wireless@vger.kernel.org
Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
Subject: [PATCH v1] libertas: avoid potential null-pointer dereference
Date: Thu,  8 Jan 2015 01:18:41 +0200
Message-Id: <1420672721-8400-1-git-send-email-andy.shevchenko@gmail.com>
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk

Commit Message

Andy Shevchenko Jan. 7, 2015, 11:18 p.m. UTC

We have to check pointer before dereferencing it.

Reported-by: Andrey Karpov <karpov@viva64.com>
Signed-off-by: Andy Shevchenko <andy.shevchenko@gmail.com>
---
 drivers/net/wireless/libertas/cfg.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Andy Shevchenko Jan. 8, 2015, 8:06 a.m. UTC | #1

On Thu, Jan 8, 2015 at 1:18 AM, Andy Shevchenko
<andy.shevchenko@gmail.com> wrote:
> We have to check pointer before dereferencing it.

It seems it's correct in initial form. Discard this and sorry for noise.

>
> Reported-by: Andrey Karpov <karpov@viva64.com>
> Signed-off-by: Andy Shevchenko <andy.shevchenko@gmail.com>
> ---
>  drivers/net/wireless/libertas/cfg.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/wireless/libertas/cfg.c b/drivers/net/wireless/libertas/cfg.c
> index 34f09ef..1d335e6 100644
> --- a/drivers/net/wireless/libertas/cfg.c
> +++ b/drivers/net/wireless/libertas/cfg.c
> @@ -1109,7 +1109,7 @@ static int lbs_associate(struct lbs_private *priv,
>         size_t len, resp_ie_len;
>         int status;
>         int ret;
> -       u8 *pos = &(cmd->iebuf[0]);
> +       u8 *pos;
>         u8 *tmp;
>
>         lbs_deb_enter(LBS_DEB_CFG80211);
> @@ -1138,6 +1138,8 @@ static int lbs_associate(struct lbs_private *priv,
>         cmd->listeninterval = cpu_to_le16(MRVDRV_DEFAULT_LISTEN_INTERVAL);
>         cmd->capability = cpu_to_le16(bss->capability);
>
> +       pos = cmd->iebuf;
> +
>         /* add SSID TLV */
>         rcu_read_lock();
>         ssid_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SSID);
> --
> 1.8.3.101.g727a46b
>

diff --git a/drivers/net/wireless/libertas/cfg.c b/drivers/net/wireless/libertas/cfg.c
index 34f09ef..1d335e6 100644
--- a/drivers/net/wireless/libertas/cfg.c
+++ b/drivers/net/wireless/libertas/cfg.c
@@ -1109,7 +1109,7 @@  static int lbs_associate(struct lbs_private *priv,
 	size_t len, resp_ie_len;
 	int status;
 	int ret;
-	u8 *pos = &(cmd->iebuf[0]);
+	u8 *pos;
 	u8 *tmp;
 
 	lbs_deb_enter(LBS_DEB_CFG80211);
@@ -1138,6 +1138,8 @@  static int lbs_associate(struct lbs_private *priv,
 	cmd->listeninterval = cpu_to_le16(MRVDRV_DEFAULT_LISTEN_INTERVAL);
 	cmd->capability = cpu_to_le16(bss->capability);
 
+	pos = cmd->iebuf;
+
 	/* add SSID TLV */
 	rcu_read_lock();
 	ssid_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SSID);

[v1] libertas: avoid potential null-pointer dereference

Commit Message

Comments

Patch