From patchwork Sat Jan 23 18:27:14 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kalle Valo <kalle.valo@iki.fi>
X-Patchwork-Id: 74906
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter.kernel.org (8.14.3/8.14.2) with ESMTP id o0NIRjAM003672
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Sat, 23 Jan 2010 18:27:45 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755794Ab0AWS1U (ORCPT
	<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
	Sat, 23 Jan 2010 13:27:20 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753665Ab0AWS1U
	(ORCPT <rfc822;linux-wireless-outgoing>);
	Sat, 23 Jan 2010 13:27:20 -0500
Received: from emh02.mail.saunalahti.fi ([62.142.5.108]:46996 "EHLO
	emh02.mail.saunalahti.fi" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753502Ab0AWS1T (ORCPT
	<rfc822;linux-wireless@vger.kernel.org>);
	Sat, 23 Jan 2010 13:27:19 -0500
Received: from saunalahti-vams (vs3-12.mail.saunalahti.fi [62.142.5.96])
	by emh02-2.mail.saunalahti.fi (Postfix) with SMTP id 06508EF2C4;
	Sat, 23 Jan 2010 20:27:18 +0200 (EET)
Received: from emh03.mail.saunalahti.fi ([62.142.5.109])
	by vs3-12.mail.saunalahti.fi ([62.142.5.96])
	with SMTP (gateway) id A00C12CA6B8; Sat, 23 Jan 2010 20:27:17 +0200
Received: from [127.0.1.1] (a91-155-131-184.elisa-laajakaista.fi
	[91.155.131.184])
	by emh03.mail.saunalahti.fi (Postfix) with ESMTP id D66BB158A64;
	Sat, 23 Jan 2010 20:27:14 +0200 (EET)
Subject: [PATCH] mac80211: fix tx select key null pointer crash with hostapd
To: linux-wireless@vger.kernel.org
From: Kalle Valo <kalle.valo@iki.fi>
Cc: Pavel Roskin <proski@gnu.org>, Johannes Berg <johannes@sipsolutions.net>
Date: Sat, 23 Jan 2010 20:27:14 +0200
Message-ID: <20100123182714.15374.3093.stgit@tikku>
User-Agent: StGit/0.15
MIME-Version: 1.0
X-Antivirus: VAMS
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org


diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index fcfa988..d017b35 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -547,9 +547,10 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
 			    !ieee80211_use_mfp(hdr->frame_control, tx->sta,
 					       tx->skb))
 				tx->key = NULL;
-			skip_hw = (tx->key->conf.flags &
-						IEEE80211_KEY_FLAG_SW_MGMT) &&
-				   ieee80211_is_mgmt(hdr->frame_control);
+			else
+				skip_hw = (tx->key->conf.flags &
+					   IEEE80211_KEY_FLAG_SW_MGMT) &&
+					ieee80211_is_mgmt(hdr->frame_control);
 			break;
 		case ALG_AES_CMAC:
 			if (!ieee80211_is_mgmt(hdr->frame_control))