mwifiex: fix NULL pointer dereference in set_channel()
authorAmitkumar Karwar <akarwar@marvell.com>
Thu, 2 Feb 2012 04:41:44 +0000 (20:41 -0800)
committerJohn W. Linville <linville@tuxdriver.com>
Mon, 6 Feb 2012 19:55:50 +0000 (14:55 -0500)
In set_channel() callback handler, "priv" pointer is derived from
net_device. Sometimes net_device pointer coming from the stack
is NULL which causes kernel crash.
This patch fixes the problem by deriving "priv" from wiphy
when net_device pointer is NULL.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/mwifiex/cfg80211.c

index 6fef4925d13af1245f617939ee0a94e0e0664738..54e45c829c5399eea18c60996c9e5dc2ac3f7992 100644 (file)
@@ -376,7 +376,12 @@ mwifiex_cfg80211_set_channel(struct wiphy *wiphy, struct net_device *dev,
                             struct ieee80211_channel *chan,
                             enum nl80211_channel_type channel_type)
 {
-       struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev);
+       struct mwifiex_private *priv;
+
+       if (dev)
+               priv = mwifiex_netdev_get_priv(dev);
+       else
+               priv = mwifiex_cfg80211_get_priv(wiphy);
 
        if (priv->media_connected) {
                wiphy_err(wiphy, "This setting is valid only when station "