cfg80211: fix NULL pointer derference when querying regdb

Some drivers may call this function when regdb is not initialized yet,
so we need to make sure regdb is valid before trying to access it.

Make sure regdb is initialized before trying to access it in
reg_query_regdb_wmm() and query_regdb().

Reported-by: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index ac3e12c32aa30053a110d6a46f5bb813d660c8b6..5fcec5c94eb727cafd5a5168f7634eaec59b11d1 100644 (file)
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -916,6 +916,9 @@ int reg_query_regdb_wmm(char *alpha2, int freq, u32 *dbptr,
        const struct fwdb_header *hdr = regdb;
        const struct fwdb_country *country;
 
+       if (!regdb)
+               return -ENODATA;
+
        if (IS_ERR(regdb))
                return PTR_ERR(regdb);