cfg80211: fix NULL dereference in IBSS SIOCGIWAP
Zhu Yi [Thu, 9 Jul 2009 08:59:49 +0000 (16:59 +0800)]
This patch avoids memcpy from wdev->wext.ibss.bssid if it is NULL.
This could happen if we SIOCGIWAP before SIOCSIWAP.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

net/wireless/ibss.c

index 9394e78..8b65e21 100644 (file)
@@ -487,8 +487,11 @@ int cfg80211_ibss_wext_giwap(struct net_device *dev,
        wdev_lock(wdev);
        if (wdev->current_bss)
                memcpy(ap_addr->sa_data, wdev->current_bss->pub.bssid, ETH_ALEN);
-       else
+       else if (wdev->wext.ibss.bssid)
                memcpy(ap_addr->sa_data, wdev->wext.ibss.bssid, ETH_ALEN);
+       else
+               memset(ap_addr->sa_data, 0, ETH_ALEN);
+
        wdev_unlock(wdev);
 
        return 0;