From: John Crispin Date: Fri, 30 Jan 2015 08:06:28 +0000 (+0000) Subject: mac80211: fix NULL pointer crash in monitor frame injection TX path X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=b86545c86dbb407b3d27f20d56fbaad3154c0d75;p=openwrt%2Fstaging%2Fthess.git mac80211: fix NULL pointer crash in monitor frame injection TX path This "patch to the patch" fixes a NULL pointer derefence crash in the new intermediate software queues. The crash can be reproduced by injecting an 802.11 frame with a BSSID that does not belong to a configured vif. The wperf tool (https://github.com/anyfi/wperf) may be convenient for doing this. Signed-off-by: Johan Almbladh SVN-Revision: 44220 --- diff --git a/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch b/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch index ce5d4dcc3e..a9e95fff6e 100644 --- a/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch +++ b/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch @@ -384,7 +384,7 @@ Signed-off-by: Felix Fietkau + if (pubsta) { + u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK; + pubtxq = pubsta->txq[tid]; -+ } else { ++ } else if (vif) { + pubtxq = vif->txq; + } +