cfg80211: fix regulatory NULL dereference
authorJohannes Berg <johannes.berg@intel.com>
Mon, 21 Nov 2011 09:44:00 +0000 (10:44 +0100)
committerJohn W. Linville <linville@tuxdriver.com>
Mon, 21 Nov 2011 19:45:20 +0000 (14:45 -0500)
By the time userspace returns with a response to
the regulatory domain request, the wiphy causing
the request might have gone away. If this is so,
reject the update but mark the request as having
been processed anyway.

Cc: Luis R. Rodriguez <lrodriguez@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
net/wireless/reg.c

index bc1ec2c26fd02c1600b8c2c7db44d592916e75c5..186b7f2a27b6d57b309716eb7bd8eabfed059995 100644 (file)
@@ -2035,6 +2035,10 @@ static int __set_regdom(const struct ieee80211_regdomain *rd)
        }
 
        request_wiphy = wiphy_idx_to_wiphy(last_request->wiphy_idx);
+       if (!request_wiphy) {
+               reg_set_request_processed();
+               return -ENODEV;
+       }
 
        if (!last_request->intersect) {
                int r;