Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8eda10ea authored by Avinash Patil's avatar Avinash Patil Committed by John W. Linville
Browse files

mwifiex: ensure user_scan_in not NULL while setting scan channel gap 



Check for scan channel gap only when user_scan_in is not NULL.
user_scan_in is NULL for internal scans and if we check scan channel gap
at this place, it may result into crash.

Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarAvinash Patil <patila@marvell.com>
Signed-off-by: default avatarCathy Luo <cluo@marvell.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent cb35582a

drivers/net/wireless/mwifiex/scan.c

+17 −16
Original line number Diff line number Diff line
@@ -926,24 +926,12 @@ mwifiex_config_scan(struct mwifiex_private *priv, 
		if ((i && ssid_filter) ||

		    !is_zero_ether_addr(scan_cfg_out->specific_bssid))

			*filtered_scan = true;

	} else {

		scan_cfg_out->bss_mode = (u8) adapter->scan_mode;

		num_probes = adapter->scan_probes;

	}



	/*

	 *  If a specific BSSID or SSID is used, the number of channels in the

	 *  scan command will be increased to the absolute maximum.

	 */

	if (*filtered_scan)

		*max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;

	else

		*max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD;



		if (user_scan_in->scan_chan_gap) {

		*max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;

			dev_dbg(adapter->dev, "info: scan: channel gap = %d\n",

				user_scan_in->scan_chan_gap);

			*max_chan_per_scan =

					MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;



			chan_gap_tlv = (void *)tlv_pos;

			chan_gap_tlv->header.type =
@@ -952,9 +940,22 @@ mwifiex_config_scan(struct mwifiex_private *priv, 
				    cpu_to_le16(sizeof(chan_gap_tlv->chan_gap));

			chan_gap_tlv->chan_gap =

				     cpu_to_le16((user_scan_in->scan_chan_gap));



		tlv_pos += sizeof(struct mwifiex_ie_types_scan_chan_gap);

			tlv_pos +=

				  sizeof(struct mwifiex_ie_types_scan_chan_gap);

		}

	} else {

		scan_cfg_out->bss_mode = (u8) adapter->scan_mode;

		num_probes = adapter->scan_probes;

	}



	/*

	 *  If a specific BSSID or SSID is used, the number of channels in the

	 *  scan command will be increased to the absolute maximum.

	 */

	if (*filtered_scan)

		*max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;

	else

		*max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD;



	/* If the input config or adapter has the number of Probes set,

	   add tlv */