rsi: Fix NULL pointer dereference in kmalloc (d5414c23) · Commits · e / devices / android_kernel_fairphone_FP5

drivers/net/wireless/rsi/rsi_91x_mac80211.c

+18 −12

Original line number	Diff line number	Diff line
		@@ -188,27 +188,27 @@ bool rsi_is_cipher_wep(struct rsi_common *common)
		* @adapter: Pointer to the adapter structure.
		* @band: Operating band to be set.
		*
		* Return: None.
		* Return: int - 0 on success, negative error on failure.
		*/
		static void rsi_register_rates_channels(struct rsi_hw *adapter, int band)
		static int rsi_register_rates_channels(struct rsi_hw *adapter, int band)
		{
		struct ieee80211_supported_band *sbands = &adapter->sbands[band];
		void *channels = NULL;

		if (band == NL80211_BAND_2GHZ) {
		channels = kmalloc(sizeof(rsi_2ghz_channels), GFP_KERNEL);
		memcpy(channels,
		rsi_2ghz_channels,
		sizeof(rsi_2ghz_channels));
		channels = kmemdup(rsi_2ghz_channels, sizeof(rsi_2ghz_channels),
		GFP_KERNEL);
		if (!channels)
		return -ENOMEM;
		sbands->band = NL80211_BAND_2GHZ;
		sbands->n_channels = ARRAY_SIZE(rsi_2ghz_channels);
		sbands->bitrates = rsi_rates;
		sbands->n_bitrates = ARRAY_SIZE(rsi_rates);
		} else {
		channels = kmalloc(sizeof(rsi_5ghz_channels), GFP_KERNEL);
		memcpy(channels,
		rsi_5ghz_channels,
		sizeof(rsi_5ghz_channels));
		channels = kmemdup(rsi_5ghz_channels, sizeof(rsi_5ghz_channels),
		GFP_KERNEL);
		if (!channels)
		return -ENOMEM;
		sbands->band = NL80211_BAND_5GHZ;
		sbands->n_channels = ARRAY_SIZE(rsi_5ghz_channels);
		sbands->bitrates = &rsi_rates[4];
		@@ -227,6 +227,7 @@ static void rsi_register_rates_channels(struct rsi_hw *adapter, int band)
		sbands->ht_cap.mcs.rx_mask[0] = 0xff;
		sbands->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
		/* sbands->ht_cap.mcs.rx_highest = 0x82; */
		return 0;
		}

		static int rsi_mac80211_hw_scan_start(struct ieee80211_hw *hw,
		@@ -2064,11 +2065,16 @@ int rsi_mac80211_attach(struct rsi_common *common)
		wiphy->available_antennas_rx = 1;
		wiphy->available_antennas_tx = 1;

		rsi_register_rates_channels(adapter, NL80211_BAND_2GHZ);
		status = rsi_register_rates_channels(adapter, NL80211_BAND_2GHZ);
		if (status)
		return status;
		wiphy->bands[NL80211_BAND_2GHZ] =
		&adapter->sbands[NL80211_BAND_2GHZ];
		if (common->num_supp_bands > 1) {
		rsi_register_rates_channels(adapter, NL80211_BAND_5GHZ);
		status = rsi_register_rates_channels(adapter,
		NL80211_BAND_5GHZ);
		if (status)
		return status;
		wiphy->bands[NL80211_BAND_5GHZ] =
		&adapter->sbands[NL80211_BAND_5GHZ];
		}