From: Arik Nemtsov Date: Mon, 9 Jul 2012 16:57:28 +0000 (+0300) Subject: mac80211: fix invalid band deref building preq IEs X-Git-Tag: firefly_0821_release~3680^2~2381^2~57^2~1^2~29 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=d811b3d5566f1441b321a1219c260124b209e0bd;p=firefly-linux-kernel-4.4.55.git mac80211: fix invalid band deref building preq IEs The function building probe-request IEs does not validate the band is supported before dereferencing it. This can result in a panic when all bands are traversed, as done during sched-scan start. Warn when this happens and return an empty probe request. Also fix sched-scan to not waste memory on unsupported bands. Signed-off-by: Arik Nemtsov Signed-off-by: Johannes Berg --- diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 379f178eab5f..1ff04f689d1f 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -928,6 +928,9 @@ int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, } for (i = 0; i < IEEE80211_NUM_BANDS; i++) { + if (!local->hw.wiphy->bands[i]) + continue; + local->sched_scan_ies.ie[i] = kzalloc(2 + IEEE80211_MAX_SSID_LEN + local->scan_ies_len + diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 64493a7bef1a..596db0c2a113 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -999,6 +999,8 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer, int ext_rates_len; sband = local->hw.wiphy->bands[band]; + if (WARN_ON_ONCE(!sband)) + return 0; pos = buffer;