In commit "cfg80211: check radar interface combinations" a regression
was introduced which might lead to NULL dereference if the argument
chan = NULL, which might happen in IBSS/wext case (and probably
others).
Signed-off-by: Simon Wunderlich <[email protected]>
---
net/wireless/util.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 1c2795d..d7873c7 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -1212,7 +1212,8 @@ int cfg80211_can_use_iftype_chan(struct cfg80211_registered_device *rdev,
case NL80211_IFTYPE_MESH_POINT:
case NL80211_IFTYPE_P2P_GO:
case NL80211_IFTYPE_WDS:
- radar_required = !!(chan->flags & IEEE80211_CHAN_RADAR);
+ radar_required = !!(chan &&
+ (chan->flags & IEEE80211_CHAN_RADAR));
break;
case NL80211_IFTYPE_P2P_CLIENT:
case NL80211_IFTYPE_STATION:
--
1.7.10.4
On Wed, 2013-01-23 at 15:15 +0100, Simon Wunderlich wrote:
> In commit "cfg80211: check radar interface combinations" a regression
> was introduced which might lead to NULL dereference if the argument
> chan = NULL, which might happen in IBSS/wext case (and probably
> others).
Applied.
johannes