Commit a401d2bb363d942245acdd81c5b5a754011696ee
Committed by
John W. Linville
John W. Linville
1 parent
70126f6105
Exists in
master
and in
4 other branches
cfg80211: fix scan crash on single-band cards
commit 58389c69150e6032504dfcd3edca6b1975c8b5bc
Author: Johannes Berg <johannes.berg@intel.com>
Date: Mon Jul 18 18:08:35 2011 +0200
cfg80211: allow userspace to control supported rates in scan
made single-band cards crash since it would always
access all wiphy->bands[]. Fix this and reject any
attempts in the new helper ieee80211_get_ratemask()
to do the same, rejecting rates configuration for
unsupported bands.
Reported-by: Pavel Roskin <proski@gnu.org>
Tested-by: Pavel Roskin <proski@gnu.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Showing 3 changed files with 8 additions and 2 deletions Side-by-side Diff
net/wireless/nl80211.c
| ... | ... | @@ -3454,7 +3454,9 @@ |
| 3454 | 3454 | } |
| 3455 | 3455 | |
| 3456 | 3456 | for (i = 0; i < IEEE80211_NUM_BANDS; i++) |
| 3457 | - request->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1; | |
| 3457 | + if (wiphy->bands[i]) | |
| 3458 | + request->rates[i] = | |
| 3459 | + (1 << wiphy->bands[i]->n_bitrates) - 1; | |
| 3458 | 3460 | |
| 3459 | 3461 | if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { |
| 3460 | 3462 | nla_for_each_nested(attr, |
net/wireless/scan.c
| ... | ... | @@ -863,7 +863,8 @@ |
| 863 | 863 | } |
| 864 | 864 | |
| 865 | 865 | for (i = 0; i < IEEE80211_NUM_BANDS; i++) |
| 866 | - creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1; | |
| 866 | + if (wiphy->bands[i]) | |
| 867 | + creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1; | |
| 867 | 868 | |
| 868 | 869 | rdev->scan_req = creq; |
| 869 | 870 | err = rdev->ops->scan(wiphy, dev, creq); |