This fixes NULL pointer dereferences.
Signed-off-by: Michael Buesch <[email protected]>
---
This patch is against zd1211rw-mac80211. I'll now clone
wireless-2.6 to get the upstream version. But I guess
this patch does also apply cleanly to z1211, if the paths
are changed.
Index: wireless-dev/drivers/net/wireless/zd1211rw-mac80211/zd_chip.c
===================================================================
--- wireless-dev.orig/drivers/net/wireless/zd1211rw-mac80211/zd_chip.c 2007-09-19 17:15:58.000000000 +0200
+++ wireless-dev/drivers/net/wireless/zd1211rw-mac80211/zd_chip.c 2007-09-23 15:47:43.000000000 +0200
@@ -52,8 +52,15 @@ void zd_chip_clear(struct zd_chip *chip)
static int scnprint_mac_oui(struct zd_chip *chip, char *buffer, size_t size)
{
u8 *addr = zd_chip_to_mac(chip)->hwaddr;
+ u8 a = 0, b = 0, c = 0;
+
+ if (addr) {
+ a = addr[0];
+ b = addr[1];
+ c = addr[2];
+ }
return scnprintf(buffer, size, "%02x-%02x-%02x",
- addr[0], addr[1], addr[2]);
+ a, b, c);
}
/* Prints an identifier line, which will support debugging. */
@@ -378,15 +385,16 @@ int zd_write_mac_addr(struct zd_chip *ch
[1] = { .addr = CR_MAC_ADDR_P2 },
};
- reqs[0].value = (mac_addr[3] << 24)
- | (mac_addr[2] << 16)
- | (mac_addr[1] << 8)
- | mac_addr[0];
- reqs[1].value = (mac_addr[5] << 8)
- | mac_addr[4];
-
- dev_dbg_f(zd_chip_dev(chip),
- "mac addr " MAC_FMT "\n", MAC_ARG(mac_addr));
+ if (mac_addr) {
+ reqs[0].value = (mac_addr[3] << 24)
+ | (mac_addr[2] << 16)
+ | (mac_addr[1] << 8)
+ | mac_addr[0];
+ reqs[1].value = (mac_addr[5] << 8)
+ | mac_addr[4];
+ dev_dbg_f(zd_chip_dev(chip),
+ "mac addr " MAC_FMT "\n", MAC_ARG(mac_addr));
+ }
mutex_lock(&chip->mutex);
r = zd_iowrite32a_locked(chip, reqs, ARRAY_SIZE(reqs));
On Sunday 23 September 2007, Ulrich Kunitz wrote:
> Daniel is normally reviewing my patches and forwards them to
> linux-wireless. This is our way to ensure quality control before
> the patches hit John's tree.
Yeah, cool. So please get it upstream now. It can't get any worse
with it. The driver currently always crashes.
Also, what's needed to get monitor during operation running?
I guess it's only about removing the artificial restriction
for this in the add_interface callback. Is there something else?
On Sun, 2007-09-23 at 18:35 +0200, Michael Buesch wrote:
> Also, what's needed to get monitor during operation running?
> I guess it's only about removing the artificial restriction
> for this in the add_interface callback. Is there something else?
Michael, just ignore all this, the filter flags patch is on the way into
the tree and it gets rid of all that. No need to now try to fix it.
johannes
Michael Buesch wrote:
> This fixes NULL pointer dereferences.
>
> Signed-off-by: Michael Buesch <[email protected]>
Michael, there is a patch in my development tree (branch
zd1211rw-dev), which fixes the MAC address handling. It ensures
that the mac address is not accessed over a NULL pointer. It also
ensures that a MAC address, which is different from the address
from the device EEPROM can be set. Additionally it introduces an
open flag, which might be helpful to handle the channel setting
problem.
Your patch solves the issue of NULL pointer accesses, but not the
real cause of the problem.
Look at this gitweb output:
http://deine-taler.de/git-bin/gitweb.cgi?p=zd1211rw.git;a=shortlog;h=zd1211rw-dev
The patch is called "Fixed: MAC address handling".
The git URL is:
git://deine-taler.de/git/zd1211rw.git
Daniel is normally reviewing my patches and forwards them to
linux-wireless. This is our way to ensure quality control before
the patches hit John's tree.
--
Uli Kunitz