2008-05-19 14:59:47

by Helmut Schaa

Subject: [PATCHv4] mac80211: fix NULL pointer dereference in ieee80211_compatible_rates

Fix a possible NULL pointer dereference in ieee80211_compatible_rates
introduced in the patch "mac80211: fix association with some APs". If no bss
is available just use all supported rates in the association request.

Signed-off-by: Helmut Schaa <[email protected]>
---

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 76ad4ed..7aff784 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -722,6 +722,15 @@ static void ieee80211_send_assoc(struct net_device *dev,
if (bss->wmm_ie)
wmm = 1;
ieee80211_rx_bss_put(dev, bss);
+
+ /* get all rates supported by the device and the AP as
+ * some APs don't like getting a superset of their rates
+ * in the association request (e.g. D-Link DAP 1353 in
+ * b-only mode) */
+ rates_len = ieee80211_compatible_rates(bss, sband, &rates);
+ } else {
+ rates = ~0;
+ rates_len = sband->n_bitrates;
}

mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
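Review bot: In the first branch, `ieee80211_rx_bss_put(dev, bss)` runs before the newly added `ieee80211_compatible_rates(bss, sband, &rates)` call, so `bss` is read after this function has already dropped its reference to it. Move the put below the `ieee80211_compatible_rates()` call so the reference is still held while the rates are computed. In the `else` branch, a one-line comment on `rates = ~0` saying that all rates of the band are selected on purpose when no bss is available would carry the commit message's explanation into the code.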
@@ -752,10 +761,7 @@ static void ieee80211_send_assoc(struct net_device *dev,
*pos++ = ifsta->ssid_len;
memcpy(pos, ifsta->ssid, ifsta->ssid_len);

- /* all supported rates should be added here but some APs
- * (e.g. D-Link DAP 1353 in b-only mode) don't like that
- * Therefore only add rates the AP supports */
- rates_len = ieee80211_compatible_rates(bss, sband, &rates);
+ /* add all rates which were marked to be used above */
supp_rates_len = rates_len;
if (supp_rates_len > 8)
supp_rates_len = 8;
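Review bot: The replacement comment "add all rates which were marked to be used above" does not say which variables carry that marking, and `supp_rates_len = rates_len` now depends on the earlier `if`/`else` having assigned both `rates` and `rates_len`. Name the two variables in the comment and confirm that no path reaches this point with either one unset. The D-Link DAP 1353 rationale now lives only in the first hunk, so a reader landing here needs that pointer to find it.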


2008-05-19 15:06:55

by Johannes Berg

Subject: Re: [PATCHv4] mac80211: fix NULL pointer dereference in ieee80211_compatible_rates

On Mon, 2008-05-19 at 16:59 +0200, Helmut Schaa wrote:
> Fix a possible NULL pointer dereference in ieee80211_compatible_rates
> introduced in the patch "mac80211: fix association with some APs". If no bss
> is available just use all supported rates in the association request.
>
> Signed-off-by: Helmut Schaa <[email protected]>

Thanks.
Acked-by: Johannes Berg <[email protected]>

> ---
>
> diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
> index 76ad4ed..7aff784 100644
> --- a/net/mac80211/mlme.c
> +++ b/net/mac80211/mlme.c
> @@ -722,6 +722,15 @@ static void ieee80211_send_assoc(struct net_device *dev,
> if (bss->wmm_ie)
> wmm = 1;
> ieee80211_rx_bss_put(dev, bss);
> +
> + /* get all rates supported by the device and the AP as
> + * some APs don't like getting a superset of their rates
> + * in the association request (e.g. D-Link DAP 1353 in
> + * b-only mode) */
> + rates_len = ieee80211_compatible_rates(bss, sband, &rates);
> + } else {
> + rates = ~0;
> + rates_len = sband->n_bitrates;
> }
>
> mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
> @@ -752,10 +761,7 @@ static void ieee80211_send_assoc(struct net_device *dev,
> *pos++ = ifsta->ssid_len;
> memcpy(pos, ifsta->ssid, ifsta->ssid_len);
>
> - /* all supported rates should be added here but some APs
> - * (e.g. D-Link DAP 1353 in b-only mode) don't like that
> - * Therefore only add rates the AP supports */
> - rates_len = ieee80211_compatible_rates(bss, sband, &rates);
> + /* add all rates which were marked to be used above */
> supp_rates_len = rates_len;
> if (supp_rates_len > 8)
> supp_rates_len = 8;
>



2008-05-19 17:02:51

by Tomas Winkler

Subject: Re: [PATCHv4] mac80211: fix NULL pointer dereference in ieee80211_compatible_rates

On Mon, May 19, 2008 at 5:59 PM, Helmut Schaa <[email protected]> wrote:
> Fix a possible NULL pointer dereference in ieee80211_compatible_rates
> introduced in the patch "mac80211: fix association with some APs". If no bss
> is available just use all supported rates in the association request.
>
> Signed-off-by: Helmut Schaa <[email protected]>
> ---
>
> diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
> index 76ad4ed..7aff784 100644
> --- a/net/mac80211/mlme.c
> +++ b/net/mac80211/mlme.c
> @@ -722,6 +722,15 @@ static void ieee80211_send_assoc(struct net_device *dev,
> if (bss->wmm_ie)
> wmm = 1;
> ieee80211_rx_bss_put(dev, bss);
> +
> + /* get all rates supported by the device and the AP as
> + * some APs don't like getting a superset of their rates
> + * in the association request (e.g. D-Link DAP 1353 in
> + * b-only mode) */
> + rates_len = ieee80211_compatible_rates(bss, sband, &rates);

Shouldn't this call ieee80211_rx_bss_put(dev, bss); after calling
ieee80211_compatible_rates()?


> + } else {
> + rates = ~0;
> + rates_len = sband->n_bitrates;
> }
>
> mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
> @@ -752,10 +761,7 @@ static void ieee80211_send_assoc(struct net_device *dev,
> *pos++ = ifsta->ssid_len;
> memcpy(pos, ifsta->ssid, ifsta->ssid_len);
>
> - /* all supported rates should be added here but some APs
> - * (e.g. D-Link DAP 1353 in b-only mode) don't like that
> - * Therefore only add rates the AP supports */
> - rates_len = ieee80211_compatible_rates(bss, sband, &rates);
> + /* add all rates which were marked to be used above */
> supp_rates_len = rates_len;
> if (supp_rates_len > 8)
> supp_rates_len = 8;
> --
> To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

2008-05-19 17:31:09

by Johannes Berg

Subject: Re: [PATCHv4] mac80211: fix NULL pointer dereference in ieee80211_compatible_rates

On Mon, 2008-05-19 at 20:02 +0300, Tomas Winkler wrote:
> On Mon, May 19, 2008 at 5:59 PM, Helmut Schaa <[email protected]> wrote:
> > Fix a possible NULL pointer dereference in ieee80211_compatible_rates
> > introduced in the patch "mac80211: fix association with some APs". If no bss
> > is available just use all supported rates in the association request.
> >
> > Signed-off-by: Helmut Schaa <[email protected]>
> > ---
> >
> > diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
> > index 76ad4ed..7aff784 100644
> > --- a/net/mac80211/mlme.c
> > +++ b/net/mac80211/mlme.c
> > @@ -722,6 +722,15 @@ static void ieee80211_send_assoc(struct net_device *dev,
> > if (bss->wmm_ie)
> > wmm = 1;
> > ieee80211_rx_bss_put(dev, bss);
> > +
> > + /* get all rates supported by the device and the AP as
> > + * some APs don't like getting a superset of their rates
> > + * in the association request (e.g. D-Link DAP 1353 in
> > + * b-only mode) */
> > + rates_len = ieee80211_compatible_rates(bss, sband, &rates);
>
> Shouldn't this call ieee80211_rx_bss_put(dev, bss); after calling
> ieee80211_compatible_rates()?

Ahrg. Umm, yes, of course. D'oh. I really need to look at things better,
thanks.

johannes

