Message ID | 20180601132408.GA2572@embeddedor.com (mailing list archive) |
---|---|
State | Accepted |
Commit | c1e3f64f87381ed3768b9247ab0cd08b41927da6 |
Delegated to: | Kalle Valo |
Hello Gustavo, > diff --git a/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c b/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c > index 220e2b7..ae0ca80 100644 > --- a/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c > +++ b/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c > @@ -654,8 +654,7 @@ qtnf_disconnect(struct wiphy *wiphy, struct net_device *dev, > vif = qtnf_mac_get_base_vif(mac); > if (!vif) { > pr_err("MAC%u: primary VIF is not configured\n", mac->macid); > - ret = -EFAULT; > - goto out; > + return -EFAULT; > } > > if (vif->wdev.iftype != NL80211_IFTYPE_STATION) { That was my fault. Thanks for the fix! Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quanenna.com> Regards, Sergey
Hi Sergey, On 06/01/2018 09:08 AM, Sergey Matyukevich wrote: > Hello Gustavo, > >> diff --git a/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c b/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c >> index 220e2b7..ae0ca80 100644 >> --- a/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c >> +++ b/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c >> @@ -654,8 +654,7 @@ qtnf_disconnect(struct wiphy *wiphy, struct net_device *dev, >> vif = qtnf_mac_get_base_vif(mac); >> if (!vif) { >> pr_err("MAC%u: primary VIF is not configured\n", mac->macid); >> - ret = -EFAULT; >> - goto out; >> + return -EFAULT; >> } >> >> if (vif->wdev.iftype != NL80211_IFTYPE_STATION) { > > That was my fault. Thanks for the fix! > Glad to help. :) > Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quanenna.com> > Thanks -- Gustavo
"Gustavo A. R. Silva" <gustavo@embeddedor.com> writes:

> In case *vif* is NULL at 655: if (!vif), the execution path jumps to
> label out, where *vif* is dereferenced at 679:
>
>     if (vif->sta_state == QTNF_STA_CONNECTING)
>
> Fix this by immediately returning when *vif* is NULL instead of
> jumping to label out.
>
> Addresses-Coverity-ID: 1469567 ("Dereference after null check")
> Fixes: 480daa9cb62c ("qtnfmac: fix invalid STA state on EAPOL failure")
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>

As commit 480daa9cb62c was recently applied to wireless-drivers-next I'll queue this to 4.18.
"Gustavo A. R. Silva" <gustavo@embeddedor.com> wrote:

> In case *vif* is NULL at 655: if (!vif), the execution path jumps to
> label out, where *vif* is dereferenced at 679:
>
>     if (vif->sta_state == QTNF_STA_CONNECTING)
>
> Fix this by immediately returning when *vif* is NULL instead of
> jumping to label out.
>
> Addresses-Coverity-ID: 1469567 ("Dereference after null check")
> Fixes: 480daa9cb62c ("qtnfmac: fix invalid STA state on EAPOL failure")
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quanenna.com>

Patch applied to wireless-drivers.git, thanks.

c1e3f64f8738 qtnfmac: fix NULL pointer dereference
diff --git a/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c b/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c index 220e2b7..ae0ca80 100644 --- a/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c +++ b/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c @@ -654,8 +654,7 @@ qtnf_disconnect(struct wiphy *wiphy, struct net_device *dev, vif = qtnf_mac_get_base_vif(mac); if (!vif) { pr_err("MAC%u: primary VIF is not configured\n", mac->macid); - ret = -EFAULT; - goto out; + return -EFAULT; } if (vif->wdev.iftype != NL80211_IFTYPE_STATION) {
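Review bot: In the `if (!vif)` branch, the new `return -EFAULT;` bypasses the `out` label that the removed `goto out;` used, and neither the hunk nor the changelog states that `out` holds nothing else this path still needs. The changelog names only the `vif->sta_state` check at line 679 under that label; a sentence confirming that no lock or other resource taken before line 655 is released there would let a reader verify the early return without opening the whole function. If a single exit point is preferred for `qtnf_disconnect()`, the alternative is to keep `goto out;` and guard the dereference under `out` with a check that `vif` is non-NULL.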
In case *vif* is NULL at 655: if (!vif), the execution path jumps to
label out, where *vif* is dereferenced at 679:

    if (vif->sta_state == QTNF_STA_CONNECTING)

Fix this by immediately returning when *vif* is NULL instead of
jumping to label out.

Addresses-Coverity-ID: 1469567 ("Dereference after null check")
Fixes: 480daa9cb62c ("qtnfmac: fix invalid STA state on EAPOL failure")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>

---

 drivers/net/wireless/quantenna/qtnfmac/cfg80211.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)