Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp17940261ybl; Thu, 2 Jan 2020 15:13:14 -0800 (PST) X-Google-Smtp-Source: APXvYqygsr3CeO8bSMhVsJQ4PNNa/27OIX124L4kK6YkpX2uDEUBaFGt2likt4oeHMvFiEIdizwm X-Received: by 2002:a9d:4b05:: with SMTP id q5mr79239767otf.174.1578006794158; Thu, 02 Jan 2020 15:13:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578006794; cv=none; d=google.com; s=arc-20160816; b=LabFEtI0D7eMtK43jzfnO77NBbrbSf8KcaY40pNgD8qFsH/TFVM0PgITu0XJpo6a3f 5nLXtjSr8uGABq0sWj8pW3X6z7WKDDIedItTt5xlcbWFlEZ3N2NqCGrswIhJPK7OC4/3 5uceo/cu8g5x98l3U4iG3y8VjSoz6GYS9WGx/XvIkDNXwFyGAbQhRQDVDvSBle15lhnE xmC369K8IfEv1yIL/K9/14OWcIIp7MZpTbix8iETiOnDcY1QIbC772tf5EmV609G41MD VmDPxHCJA25rXk72hkfXf3a2/WqitNsopfl4YSdRHIv56pdXiLe+FTmmeOPeP9mv0OYZ 3EQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=1J4i8bOpk/DV7gwMfWr1ty0O37DyeU8OjXbVG3I/FYU=; b=SAgl2cJy3ZzT5WI5UHr5UilEkMi3TC191tJx8JEbBF0KuwFdQqe2ksUjg71wJ82ZRn C+eSCz8szSbea/gjd5fZUMqkGoGajM3ebaykpsC5gKSHkhM0AA4kl6UMDTQlA/P/sjJa 05W+n7uSaF86m5gGrGVMw5fWa0pmfyK3/LtXNcn40neLnibo7/G/XbcdCNZe9+tClrT9 Eajis+MAMZW+pIYMMz0IbkPxZmkHHGjfMG2WikE2+I7qil6E/Ic8lTvYCt1nw1FyXKIw ZtKCl12yiBc4lnF6bMQQGdYuqEqh05/crpUCgPDMsmyawaPJ8js5HGJJFg4rqA3Xx28K KayQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BNX1wNmQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l17si28523148otk.218.2020.01.02.15.13.02; Thu, 02 Jan 2020 15:13:14 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BNX1wNmQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729506AbgABWnW (ORCPT + 99 others); Thu, 2 Jan 2020 17:43:22 -0500 Received: from mail.kernel.org ([198.145.29.99]:43932 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730448AbgABWeu (ORCPT ); Thu, 2 Jan 2020 17:34:50 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5FEA021D7D; Thu, 2 Jan 2020 22:34:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578004489; bh=ZrwQ83k2aTL8LzkE183Uob+o+Ng/2LLLoRPFd35PebA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BNX1wNmQ83NYMquCuBgcpU+/+jIDVWzTQGgUXBh0wlfih37AaRjijiATJ5Y39/+b/ ivbLD4vcBhVwTvM9B88otHBBO7T1o2RXpwWBi3epo/+xlzXX4o4eggZI95EeXJAnH6 82IJzBFR5Etua4snfIM3nDyz+8IwhpuRzJz8j2lo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Connor Kuehl , Larry Finger , Sasha Levin Subject: [PATCH 4.4 008/137] staging: rtl8188eu: fix possible null dereference Date: Thu, 2 Jan 2020 23:06:21 +0100 Message-Id: <20200102220547.771963647@linuxfoundation.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200102220546.618583146@linuxfoundation.org> References: <20200102220546.618583146@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Connor Kuehl [ Upstream commit 228241944a48113470d3c3b46c88ba7fbe0a274b ] Inside a nested 'else' block at the beginning of this function is a call that assigns 'psta' to the return value of 'rtw_get_stainfo()'. If 'rtw_get_stainfo()' returns NULL and the flow of control reaches the 'else if' where 'psta' is dereferenced, then we will dereference a NULL pointer. Fix this by checking if 'psta' is not NULL before reading its 'psta->qos_option' data member. Addresses-Coverity: ("Dereference null return value") Signed-off-by: Connor Kuehl Acked-by: Larry Finger Link: https://lore.kernel.org/r/20190926150317.5894-1-connor.kuehl@canonical.com Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin --- drivers/staging/rtl8188eu/core/rtw_xmit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/staging/rtl8188eu/core/rtw_xmit.c b/drivers/staging/rtl8188eu/core/rtw_xmit.c index cabb810369bd..c6bf8933648d 100644 --- a/drivers/staging/rtl8188eu/core/rtw_xmit.c +++ b/drivers/staging/rtl8188eu/core/rtw_xmit.c @@ -822,7 +822,7 @@ s32 rtw_make_wlanhdr(struct adapter *padapter, u8 *hdr, struct pkt_attrib *pattr memcpy(pwlanhdr->addr2, get_bssid(pmlmepriv), ETH_ALEN); memcpy(pwlanhdr->addr3, pattrib->src, ETH_ALEN); - if (psta->qos_option) + if (psta && psta->qos_option) qos_option = true; } else if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) || check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) { @@ -830,7 +830,7 @@ s32 rtw_make_wlanhdr(struct adapter *padapter, u8 *hdr, struct pkt_attrib *pattr memcpy(pwlanhdr->addr2, pattrib->src, ETH_ALEN); memcpy(pwlanhdr->addr3, get_bssid(pmlmepriv), ETH_ALEN); - if (psta->qos_option) + if (psta && psta->qos_option) qos_option = true; } else { RT_TRACE(_module_rtl871x_xmit_c_, _drv_err_, ("fw_state:%x is not allowed to xmit frame\n", get_fwstate(pmlmepriv))); -- 2.20.1