Commit c0e30763 authored by Javier Lopez's avatar Javier Lopez Committed by Johannes Berg

mac80211_hwsim: Fix NULL pointer dereference

mac80211_hwsim was crashing when receiving tx information from user
space. Crash happens because txi->rate_driver_data[0] is pointing to a
non valid memory address.

This code path is only used by wmediumd and wmediumd doesn't provide
multiple channel support, so we can pass the channel struct
(data2->channel) directly to mac80211_hwsim_monitor_ack function.
Signed-off-by: default avatarJavier Lopez <jlopex@cozybit.com>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent bd02cd25
...@@ -2011,7 +2011,7 @@ static int hwsim_tx_info_frame_received_nl(struct sk_buff *skb_2, ...@@ -2011,7 +2011,7 @@ static int hwsim_tx_info_frame_received_nl(struct sk_buff *skb_2,
(hwsim_flags & HWSIM_TX_STAT_ACK)) { (hwsim_flags & HWSIM_TX_STAT_ACK)) {
if (skb->len >= 16) { if (skb->len >= 16) {
hdr = (struct ieee80211_hdr *) skb->data; hdr = (struct ieee80211_hdr *) skb->data;
mac80211_hwsim_monitor_ack(txi->rate_driver_data[0], mac80211_hwsim_monitor_ack(data2->channel,
hdr->addr2); hdr->addr2);
} }
txi->flags |= IEEE80211_TX_STAT_ACK; txi->flags |= IEEE80211_TX_STAT_ACK;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment