From patchwork Fri Jun 24 13:33:35 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 916242 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.4) with ESMTP id p5ODYUff008966 for ; Fri, 24 Jun 2011 13:34:31 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756946Ab1FXNe2 (ORCPT ); Fri, 24 Jun 2011 09:34:28 -0400 Received: from mail-pw0-f46.google.com ([209.85.160.46]:64355 "EHLO mail-pw0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756759Ab1FXNe1 (ORCPT ); Fri, 24 Jun 2011 09:34:27 -0400 Received: by pwj7 with SMTP id 7so1809702pwj.19 for ; Fri, 24 Jun 2011 06:34:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:date:from:to:cc:subject:message-id:mime-version :content-type:content-disposition:user-agent; bh=PBHBUl0ExCLBLGv2FMNZiMZSrUobXFEG2nqRnFuTPzs=; b=A5jrObQzKIHQaKWFfCKekdBycxhN6Q32bhdlNiGh1zhiUgNdofUYoaSqVZGGTJg8t+ Ayo1luStk/P2sccNMOrRv6vvAAAu6sQcKVsT1TB9R0Ld/kttalUF6eOoNoPyhbO2K4rX MhZqaVOUGNnxs+PK9wcLPt3UEIpYBgDLfHnCw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:mime-version:content-type :content-disposition:user-agent; b=apS0lHiqpQ0KEBmDgV11zGOtujEflkD6QtpCVTKMn/sFFoNB4QHzJOU8F4F6qfl0Pr oDmerMu2jp3HBi0IVhAnezDsKPNg7vPmKncEn1zjCvBbtIk/GgVybV38KZNyEIB48m7W xFDEtc36jFdT80+zY2YeAkuxXWkd7rEaIBDSc= Received: by 10.68.43.193 with SMTP id y1mr1642687pbl.168.1308922466853; Fri, 24 Jun 2011 06:34:26 -0700 (PDT) Received: from shale.localdomain ([41.139.221.94]) by mx.google.com with ESMTPS id e6sm1847472pbm.71.2011.06.24.06.34.21 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 24 Jun 2011 06:34:25 -0700 (PDT) Date: Fri, 24 Jun 2011 16:33:35 +0300 From: Dan Carpenter To: Amitkumar Karwar Cc: Bing Zhao , "John W. Linville" , Yogesh Ashok Powar , Marc Yang , "open list:NETWORKING [WIREL..." , kernel-janitors@vger.kernel.org Subject: [patch] mwifiex: restore handling of NULL parameters Message-ID: <20110624133335.GP14591@shale.localdomain> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter1.kernel.org [140.211.167.41]); Fri, 24 Jun 2011 13:34:31 +0000 (UTC) Prior to a5ffddb70c5cab "mwifiex: remove casts of void pointers" the code assumed that the data_buf parameter could be a NULL pointer. The patch preserved some NULL checks but not consistently, so there was a potential for NULL dereferences and it changed the behavior. This patch restores the original behavior. Signed-off-by: Dan Carpenter Acked-by: Bing Zhao --- Compile tested only. -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/net/wireless/mwifiex/sta_cmd.c b/drivers/net/wireless/mwifiex/sta_cmd.c index d85a0a6..49b9c13 100644 --- a/drivers/net/wireless/mwifiex/sta_cmd.c +++ b/drivers/net/wireless/mwifiex/sta_cmd.c @@ -779,6 +779,8 @@ static int mwifiex_cmd_ibss_coalescing_status(struct host_cmd_ds_command *cmd, case HostCmd_ACT_GEN_SET: if (enable) ibss_coal->enable = cpu_to_le16(*enable); + else + ibss_coal->enable = 0; break; /* In other case.. Nothing to do */ diff --git a/drivers/net/wireless/mwifiex/sta_cmdresp.c b/drivers/net/wireless/mwifiex/sta_cmdresp.c index ad64c87..6804239 100644 --- a/drivers/net/wireless/mwifiex/sta_cmdresp.c +++ b/drivers/net/wireless/mwifiex/sta_cmdresp.c @@ -183,30 +183,32 @@ static int mwifiex_ret_802_11_rssi_info(struct mwifiex_private *priv, */ static int mwifiex_ret_802_11_snmp_mib(struct mwifiex_private *priv, struct host_cmd_ds_command *resp, - u32 *ul_temp) + u32 *data_buf) { struct host_cmd_ds_802_11_snmp_mib *smib = &resp->params.smib; u16 oid = le16_to_cpu(smib->oid); u16 query_type = le16_to_cpu(smib->query_type); + u32 ul_temp; dev_dbg(priv->adapter->dev, "info: SNMP_RESP: oid value = %#x," " query_type = %#x, buf size = %#x\n", oid, query_type, le16_to_cpu(smib->buf_size)); if (query_type == HostCmd_ACT_GEN_GET) { - if (ul_temp) - *ul_temp = le16_to_cpu(*((__le16 *) (smib->value))); + ul_temp = le16_to_cpu(*((__le16 *) (smib->value))); + if (data_buf) + *data_buf = ul_temp; switch (oid) { case FRAG_THRESH_I: dev_dbg(priv->adapter->dev, - "info: SNMP_RESP: FragThsd =%u\n", *ul_temp); + "info: SNMP_RESP: FragThsd =%u\n", ul_temp); break; case RTS_THRESH_I: dev_dbg(priv->adapter->dev, - "info: SNMP_RESP: RTSThsd =%u\n", *ul_temp); + "info: SNMP_RESP: RTSThsd =%u\n", ul_temp); break; case SHORT_RETRY_LIM_I: dev_dbg(priv->adapter->dev, - "info: SNMP_RESP: TxRetryCount=%u\n", *ul_temp); + "info: SNMP_RESP: TxRetryCount=%u\n", ul_temp); break; default: break; @@ -622,22 +624,23 @@ static int mwifiex_ret_802_11d_domain_info(struct mwifiex_private *priv, */ static int mwifiex_ret_802_11_rf_channel(struct mwifiex_private *priv, struct host_cmd_ds_command *resp, - u16 *new_channel) + u16 *data_buf) { struct host_cmd_ds_802_11_rf_channel *rf_channel = &resp->params.rf_channel; + u16 new_channel = le16_to_cpu(rf_channel->current_channel); - if (new_channel) - *new_channel = le16_to_cpu(rf_channel->current_channel); - - if (priv->curr_bss_params.bss_descriptor.channel != *new_channel) { + if (priv->curr_bss_params.bss_descriptor.channel != new_channel) { dev_dbg(priv->adapter->dev, "cmd: Channel Switch: %d to %d\n", priv->curr_bss_params.bss_descriptor.channel, - *new_channel); + new_channel); /* Update the channel again */ - priv->curr_bss_params.bss_descriptor.channel = *new_channel; + priv->curr_bss_params.bss_descriptor.channel = new_channel; } + if (data_buf) + *data_buf = new_channel; + return 0; }