mac80211/minstrel: fix NULL pointer dereference issue

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

When priv_sta == NULL, mi->prev_sample is dereferenced too early. Move
the assignment further down, after the rate_control_send_low call.

Reported-by: Krzysztof Mazur <krzysiek@podlesie.net>
Cc: stable@vger.kernel.org # 3.10
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

authored by

Felix Fietkau and committed by

Johannes Berg 12 years ago 5c9fc93b 6b0f3274

+2 -1

1 changed file

expand all

net

mac80211

rc80211_minstrel.c

+2 -1

net/mac80211/rc80211_minstrel.c

··· 290 290 struct minstrel_rate *msr, *mr; 291 291 unsigned int ndx; 292 292 bool mrr_capable; 293 - bool prev_sample = mi->prev_sample; 293 + bool prev_sample; 294 294 int delta; 295 295 int sampling_ratio; 296 296 ··· 314 314 (mi->sample_count + mi->sample_deferred / 2); 315 315 316 316 /* delta < 0: no sampling required */ 317 + prev_sample = mi->prev_sample; 317 318 mi->prev_sample = false; 318 319 if (delta < 0 || (!mrr_capable && prev_sample)) 319 320 return;