Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp2178604ybn; Thu, 26 Sep 2019 08:08:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqwNObhcqng6V9bDLidy9ImD0vlsyICasv89smJ+JbDXUD4dWfeHIjtgg5z20M5a7yZyee5g X-Received: by 2002:adf:dbce:: with SMTP id e14mr3265436wrj.56.1569510491606; Thu, 26 Sep 2019 08:08:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569510491; cv=none; d=google.com; s=arc-20160816; b=BO9966j1ApQYXV4wrr7hqlZiwIlhGEo9aK1JVIB4CMgVmqjnAEfQu0tYFRXIwrfSJS jZ0upTO9iUAmYLQjGsiRz2ydgr9hAz/ZLJ5cqjIlTN64HOh/ntXRrvdLE6UyFFE2DZZ8 lFLsUKq/6ZfkYpMCgX9MDK/xa0JNqsIymdRlOcn65hfmSxaeFnZtv4djVlSDuUetvSqa /TMqOg2YQvg7TyZwyIqlwqnq59CCpribOciEP37ptreuGc1N6+c3HdWwImvYgXuSKpi9 IJikMCE9oEJS106NrAfhXhPC/+oeXG5U4H3EUfOGI9AC2HOOxNkCG+p1eoHdkkNofPoc xLSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from; bh=FVKRXmx8SRBsU+0IWvQgA4/r5KeBrIiQqcBDYIkxnNs=; b=B6dOz1NNbzx5imOfbJBRiPLmqOHDwyujYIzVCsv+jHcXDHjOfVyjtnrMRQxA9FUJSc u5ZxFO7KbiiT8bJjU+B8jhM1vXt0ZVAnRs7UiHa9aldHWFNDcXNUr7RvbOTGDrPD+Ij9 qxG43YIMoQSCqFPtYbFif9Q92Z05jwmT+CGoZu5R/nFngYiM8jfQZ/6xXUlDfu0IaN5J pQaxcS82u8hOHJI07Zku14+ikxCa7EXAkFfTE0/A35xzGOorckBZtqC95aX4soAPqvnO +0YgobZ/1yKDCI3h1DNdxojR9tJhoazWbuUORV1xvSDmcVsv7GdvuL6frGRFaF4hubdH 27JQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l12si1725757edk.444.2019.09.26.08.07.46; Thu, 26 Sep 2019 08:08:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727154AbfIZPDY (ORCPT + 99 others); Thu, 26 Sep 2019 11:03:24 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:36414 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726105AbfIZPDX (ORCPT ); Thu, 26 Sep 2019 11:03:23 -0400 Received: from mail-pg1-f198.google.com ([209.85.215.198]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1iDVIf-0007Xl-5t for linux-kernel@vger.kernel.org; Thu, 26 Sep 2019 15:03:21 +0000 Received: by mail-pg1-f198.google.com with SMTP id x31so1568126pgl.12 for ; Thu, 26 Sep 2019 08:03:21 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=FVKRXmx8SRBsU+0IWvQgA4/r5KeBrIiQqcBDYIkxnNs=; b=jeC1g62jS9bXC+4AgeNasmx0NQWD52+cYR+rYf6FK0YWkwAuHsSMXS5+AzsCdXU2lg 0nDJM8GRGxZgqOtgXmvHp9PrLkqc+YsdIpGuwUW2/9yBcykS9iZmqDPBcbWWl/Ekkj9a bF8vg+8666z0IQ4vIe6NzCOLNlZF9MC+J7nSH+MdDxWx1iqhaQWpo4xdUpTOGCES9SRP muleZMrtzGOirAz8jxrXtjTOZxd7eqJXOJIySSEiZ0xT5wLDvyg7amBh5ZANnAUeraoZ 4Tz0J3CtntM+/mCWAnUvmVW2Uqkv8GwLsD1QIFVyxctplNsWSaNNNsmM2sal4uVLmRQC xWIA== X-Gm-Message-State: APjAAAX/bmGQQlXxToVzBwiTB3hQvpJSXJ4xIkLnd1G8hbrUMs/tBMCo d6bWxEyOO5X/s/YDB3QHvnIERDI8u/mZZ4RxF9rY/Ai+Dm1finN87oSA3zbGWnU204MwkkNgPH1 MkVVh29AokzMWVe+EMmAU65M0prjvzkF+hohjilE2uQ== X-Received: by 2002:a63:205:: with SMTP id 5mr3768388pgc.77.1569510199733; Thu, 26 Sep 2019 08:03:19 -0700 (PDT) X-Received: by 2002:a63:205:: with SMTP id 5mr3768358pgc.77.1569510199466; Thu, 26 Sep 2019 08:03:19 -0700 (PDT) Received: from canonical.lan (c-24-20-45-88.hsd1.or.comcast.net. [24.20.45.88]) by smtp.gmail.com with ESMTPSA id 4sm2174992pja.29.2019.09.26.08.03.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Sep 2019 08:03:18 -0700 (PDT) From: Connor Kuehl To: Larry.Finger@lwfinger.net, gregkh@linuxfoundation.org, straube.linux@gmail.com, devel@driverdev.osuosl.org Cc: linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH v2] staging: rtl8188eu: fix possible null dereference Date: Thu, 26 Sep 2019 08:03:17 -0700 Message-Id: <20190926150317.5894-1-connor.kuehl@canonical.com> X-Mailer: git-send-email 2.17.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Inside a nested 'else' block at the beginning of this function is a call that assigns 'psta' to the return value of 'rtw_get_stainfo()'. If 'rtw_get_stainfo()' returns NULL and the flow of control reaches the 'else if' where 'psta' is dereferenced, then we will dereference a NULL pointer. Fix this by checking if 'psta' is not NULL before reading its 'psta->qos_option' data member. Addresses-Coverity: ("Dereference null return value") Signed-off-by: Connor Kuehl --- v1 -> v2: - Add the same null check to line 779 drivers/staging/rtl8188eu/core/rtw_xmit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/staging/rtl8188eu/core/rtw_xmit.c b/drivers/staging/rtl8188eu/core/rtw_xmit.c index 952f2ab51347..c37591657bac 100644 --- a/drivers/staging/rtl8188eu/core/rtw_xmit.c +++ b/drivers/staging/rtl8188eu/core/rtw_xmit.c @@ -776,7 +776,7 @@ s32 rtw_make_wlanhdr(struct adapter *padapter, u8 *hdr, struct pkt_attrib *pattr memcpy(pwlanhdr->addr2, get_bssid(pmlmepriv), ETH_ALEN); memcpy(pwlanhdr->addr3, pattrib->src, ETH_ALEN); - if (psta->qos_option) + if (psta && psta->qos_option) qos_option = true; } else if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) || check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) { @@ -784,7 +784,7 @@ s32 rtw_make_wlanhdr(struct adapter *padapter, u8 *hdr, struct pkt_attrib *pattr memcpy(pwlanhdr->addr2, pattrib->src, ETH_ALEN); memcpy(pwlanhdr->addr3, get_bssid(pmlmepriv), ETH_ALEN); - if (psta->qos_option) + if (psta && psta->qos_option) qos_option = true; } else { RT_TRACE(_module_rtl871x_xmit_c_, _drv_err_, ("fw_state:%x is not allowed to xmit frame\n", get_fwstate(pmlmepriv))); -- 2.17.1