From 477778bb0e7c671860528946b412294684337c5e Mon Sep 17 00:00:00 2001 From: Amitkumar Karwar Date: Wed, 1 Feb 2012 20:41:44 -0800 Subject: [PATCH] mwifiex: fix NULL pointer dereference in set_channel() In set_channel() callback handler, "priv" pointer is derived from net_device. Sometimes net_device pointer coming from the stack is NULL which causes kernel crash. This patch fixes the problem by deriving "priv" from wiphy when net_device pointer is NULL. Signed-off-by: Amitkumar Karwar Signed-off-by: Bing Zhao Signed-off-by: John W. Linville --- drivers/net/wireless/mwifiex/cfg80211.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c index 6fef4925d13a..54e45c829c53 100644 --- a/drivers/net/wireless/mwifiex/cfg80211.c +++ b/drivers/net/wireless/mwifiex/cfg80211.c @@ -376,7 +376,12 @@ mwifiex_cfg80211_set_channel(struct wiphy *wiphy, struct net_device *dev, struct ieee80211_channel *chan, enum nl80211_channel_type channel_type) { - struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev); + struct mwifiex_private *priv; + + if (dev) + priv = mwifiex_netdev_get_priv(dev); + else + priv = mwifiex_cfg80211_get_priv(wiphy); if (priv->media_connected) { wiphy_err(wiphy, "This setting is valid only when station "