From: Mohammed Shafi Shajakhan Date: Mon, 5 Aug 2013 04:49:22 +0000 (+0530) Subject: ath6kl: Fix invalid pointer access on fuzz testing with AP mode X-Git-Tag: firefly_0821_release~176^2~4992^2~225^2~25^2~70 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=9d0e2f0772d394060bf3b17cd1f3a35574365103;p=firefly-linux-kernel-4.4.55.git ath6kl: Fix invalid pointer access on fuzz testing with AP mode In our Fuz testing, reference client corrupts the dest mac to "00:00:00:00:00:00" in the WPA2 handshake no 2. During driver init the sta_list entries mac addresses are by default "00:00:00:00:00:00". Driver returns an invalid pointer (conn) and the drver shall crash, if rxtids (aggr_conn) skb queues are accessed, since they would not be initialized. Signed-off-by: Mohammed Shafi Shajakhan Signed-off-by: Kalle Valo --- diff --git a/drivers/net/wireless/ath/ath6kl/main.c b/drivers/net/wireless/ath/ath6kl/main.c index d4fcfcad57d0..5839fc23bdc7 100644 --- a/drivers/net/wireless/ath/ath6kl/main.c +++ b/drivers/net/wireless/ath/ath6kl/main.c @@ -29,6 +29,9 @@ struct ath6kl_sta *ath6kl_find_sta(struct ath6kl_vif *vif, u8 *node_addr) struct ath6kl_sta *conn = NULL; u8 i, max_conn; + if (is_zero_ether_addr(node_addr)) + return NULL; + max_conn = (vif->nw_type == AP_NETWORK) ? AP_MAX_NUM_STA : 0; for (i = 0; i < max_conn; i++) {