cfg80211: fix NULL dereference in IBSS SIOCGIWAP

This patch avoids memcpy from wdev->wext.ibss.bssid if it is NULL.
This could happen if we SIOCGIWAP before SIOCSIWAP.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

diff --git a/net/wireless/ibss.c b/net/wireless/ibss.c
index 9394e78cd11fe0544a11329e41091976f3b46bfc..8b65e212ae49b9942347128e54fd249017dbef70 100644 (file)
--- a/net/wireless/ibss.c
+++ b/net/wireless/ibss.c
@@ -487,8 +487,11 @@ int cfg80211_ibss_wext_giwap(struct net_device *dev,
        wdev_lock(wdev);
        if (wdev->current_bss)
                memcpy(ap_addr->sa_data, wdev->current_bss->pub.bssid, ETH_ALEN);
-       else
+       else if (wdev->wext.ibss.bssid)
                memcpy(ap_addr->sa_data, wdev->wext.ibss.bssid, ETH_ALEN);
+       else
+               memset(ap_addr->sa_data, 0, ETH_ALEN);
+
        wdev_unlock(wdev);
 
        return 0;