Return-path:
Received: from 128-177-27-249.ip.openhosting.com ([128.177.27.249]:37076
    "EHLO jmalinen.user.openhosting.com" rhost-flags-OK-OK-OK-OK)
    by vger.kernel.org with ESMTP id S1752882AbYLQMDP (ORCPT );
    Wed, 17 Dec 2008 07:03:15 -0500
Date: Wed, 17 Dec 2008 14:02:50 +0200
From: Jouni Malinen
To: Johannes Berg
Cc: Jouni Malinen, "John W. Linville", linux-wireless@vger.kernel.org
Subject: Re: [PATCH] ath9k: Fix a NULL pointer dereference in ath_rate_get
Message-ID: <20081217120250.GA19453@jm.kir.nu> (sfid-20081217_130326_354011_E7F573AA)
References: <20081217113031.GA18060@jm.kir.nu> <1229513456.4566.2.camel@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <1229513456.4566.2.camel@localhost>
Sender: linux-wireless-owner@vger.kernel.org
List-ID:

On Wed, Dec 17, 2008 at 12:30:56PM +0100, Johannes Berg wrote:
> On Wed, 2008-12-17 at 13:30 +0200, Jouni Malinen wrote:
> > It looks like mac80211 may try to send unicast frames to a STA that
> > does not have a STA entry. We need to make sure that that is caught in
> > the rate control code before dereferencing STA data.
>
> This should only happen for injected packets, can you verify? OTOH, AP
> mode obviously has injected packets (auth response, ...)

I did not check what the exact frame was, but this was indeed in AP mode
and the frame was most likely from hostapd and as such, an injected
packet.

--
Jouni Malinen                                            PGP id EFC895FA