mwifiex: ensure user_scan_in not NULL while setting scan channel gap

Check for scan channel gap only when user_scan_in is not NULL. user_scan_in is NULL for internal scans and if we check scan channel gap at this place, it may result into crash. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>

mwifiex: ensure user_scan_in not NULL while setting scan channel gap
Check for scan channel gap only when user_scan_in is not NULL. user_scan_in is NULL for internal scans and if we check scan channel gap at this place, it may result into crash. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
8eda10ea · Avinash Patil · John W. Linville · cb35582a · 8eda10ea
Commit 8eda10ea authored Sep 17, 2014 by Avinash Patil Committed by John W. Linville Sep 26, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 16 deletions

drivers/net/wireless/mwifiex/scan.c drivers/net/wireless/mwifiex/scan.c +17 -16

No files found.
--- a/drivers/net/wireless/mwifiex/scan.c
+++ b/drivers/net/wireless/mwifiex/scan.c
@@ -926,6 +926,23 @@ mwifiex_config_scan(struct mwifiex_private *priv,
 		if ((i && ssid_filter) ||
 		    !is_zero_ether_addr(scan_cfg_out->specific_bssid))
 			*filtered_scan = true;
+		if (user_scan_in->scan_chan_gap) {
+			dev_dbg(adapter->dev, "info: scan: channel gap = %d\n",
+				user_scan_in->scan_chan_gap);
+			*max_chan_per_scan =
+					MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
+			chan_gap_tlv = (void *)tlv_pos;
+			chan_gap_tlv->header.type =
+					 cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP);
+			chan_gap_tlv->header.len =
+				    cpu_to_le16(sizeof(chan_gap_tlv->chan_gap));
+			chan_gap_tlv->chan_gap =
+				     cpu_to_le16((user_scan_in->scan_chan_gap));
+			tlv_pos +=
+				  sizeof(struct mwifiex_ie_types_scan_chan_gap);
+		}
 	} else {
 		scan_cfg_out->bss_mode = (u8) adapter->scan_mode;
 		num_probes = adapter->scan_probes;
@@ -940,22 +957,6 @@ mwifiex_config_scan(struct mwifiex_private *priv,
 	else
 		*max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD;
-	if (user_scan_in->scan_chan_gap) {
-		*max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
-		dev_dbg(adapter->dev, "info: scan: channel gap = %d\n",
-			user_scan_in->scan_chan_gap);
-		chan_gap_tlv = (void *)tlv_pos;
-		chan_gap_tlv->header.type =
-					 cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP);
-		chan_gap_tlv->header.len =
-			cpu_to_le16(sizeof(chan_gap_tlv->chan_gap));
-		chan_gap_tlv->chan_gap =
-				     cpu_to_le16((user_scan_in->scan_chan_gap));
-		tlv_pos += sizeof(struct mwifiex_ie_types_scan_chan_gap);
-	}
 	/* If the input config or adapter has the number of Probes set,
 	   add tlv */
 	if (num_probes) {