staging: wilc1000: fix NULL dereference inside wilc_scan()

Added NULL check before accessing 'hidden_net' pointer inside
wilc_scan() to fix the issue found by static code checker.

Fixes: 8f1a0ac1eba7 ("staging: wilc1000: handle scan operation callback from cfg80211 context")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c
index b8603f2f777bc16a4699889fa6da476c979915c9..70c854d939cee222cda5e66618b6a30aca589999 100644 (file)
--- a/drivers/staging/wilc1000/host_interface.c
+++ b/drivers/staging/wilc1000/host_interface.c
@@ -246,27 +246,29 @@ int wilc_scan(struct wilc_vif *vif, u8 scan_source, u8 scan_type,
 
        hif_drv->usr_scan_req.ch_cnt = 0;
 
-       wid_list[index].id = WID_SSID_PROBE_REQ;
-       wid_list[index].type = WID_STR;
-
-       for (i = 0; i < hidden_net->n_ssids; i++)
-               valuesize += ((hidden_net->net_info[i].ssid_len) + 1);
-       hdn_ntwk_wid_val = kmalloc(valuesize + 1, GFP_KERNEL);
-       wid_list[index].val = hdn_ntwk_wid_val;
-       if (wid_list[index].val) {
-               buffer = wid_list[index].val;
-
-               *buffer++ = hidden_net->n_ssids;
-
-               for (i = 0; i < hidden_net->n_ssids; i++) {
-                       *buffer++ = hidden_net->net_info[i].ssid_len;
-                       memcpy(buffer, hidden_net->net_info[i].ssid,
-                              hidden_net->net_info[i].ssid_len);
-                       buffer += hidden_net->net_info[i].ssid_len;
-               }
+       if (hidden_net) {
+               wid_list[index].id = WID_SSID_PROBE_REQ;
+               wid_list[index].type = WID_STR;
+
+               for (i = 0; i < hidden_net->n_ssids; i++)
+                       valuesize += ((hidden_net->net_info[i].ssid_len) + 1);
+               hdn_ntwk_wid_val = kmalloc(valuesize + 1, GFP_KERNEL);
+               wid_list[index].val = hdn_ntwk_wid_val;
+               if (wid_list[index].val) {
+                       buffer = wid_list[index].val;
+
+                       *buffer++ = hidden_net->n_ssids;
+
+                       for (i = 0; i < hidden_net->n_ssids; i++) {
+                               *buffer++ = hidden_net->net_info[i].ssid_len;
+                               memcpy(buffer, hidden_net->net_info[i].ssid,
+                                      hidden_net->net_info[i].ssid_len);
+                               buffer += hidden_net->net_info[i].ssid_len;
+                       }
 
-               wid_list[index].size = (s32)(valuesize + 1);
-               index++;
+                       wid_list[index].size = (s32)(valuesize + 1);
+                       index++;
+               }
        }
 
        wid_list[index].id = WID_INFO_ELEMENT_PROBE;
@@ -316,8 +318,10 @@ int wilc_scan(struct wilc_vif *vif, u8 scan_source, u8 scan_type,
                  jiffies + msecs_to_jiffies(HOST_IF_SCAN_TIMEOUT));
 
 error:
-       kfree(hidden_net->net_info);
-       kfree(hdn_ntwk_wid_val);
+       if (hidden_net) {
+               kfree(hidden_net->net_info);
+               kfree(hdn_ntwk_wid_val);
+       }
 
        return result;
 }