From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date: Thu, 26 Jun 2008 09:13:46 +0000 (+0300)
Subject: mac80211: fix an oops in several failure paths in key allocation
X-Git-Tag: firefly_0821_release~19855^2~25
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=00eb7fe77eb455f807c396f9917f0f623d4c84bb;p=firefly-linux-kernel-4.4.55.git

mac80211: fix an oops in several failure paths in key allocation

This patch fixes an oops in several failure paths in key allocation. This
Oops occurs when freeing a key that has not been linked yet, so the
key->sdata is not set.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
---

diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 150d66dbda9d..220e83be3ef4 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -380,6 +380,15 @@ void ieee80211_key_free(struct ieee80211_key *key)
 	if (!key)
 		return;
 
+	if (!key->sdata) {
+		/* The key has not been linked yet, simply free it
+		 * and don't Oops */
+		if (key->conf.alg == ALG_CCMP)
+			ieee80211_aes_key_free(key->u.ccmp.tfm);
+		kfree(key);
+		return;
+	}
+
 	spin_lock_irqsave(&key->sdata->local->key_lock, flags);
 	__ieee80211_key_free(key);
 	spin_unlock_irqrestore(&key->sdata->local->key_lock, flags);