mac80211: fix tx->skb NULL pointer dereference (d32a1028) · Commits · e / devices / android_kernel_oneplus_sm7250

net/mac80211/tx.c

+1 −9

Original line number	Diff line number	Diff line
		@@ -1001,8 +1001,6 @@ ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
		static ieee80211_tx_result debug_noinline
		ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
		{
		struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);

		if (!tx->key)
		return TX_CONTINUE;

		@@ -1017,13 +1015,7 @@ ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
		case WLAN_CIPHER_SUITE_AES_CMAC:
		return ieee80211_crypto_aes_cmac_encrypt(tx);
		default:
		/* handle hw-only algorithm */
		if (info->control.hw_key) {
		ieee80211_tx_set_protected(tx);
		return TX_CONTINUE;
		}
		break;

		return ieee80211_crypto_hw_encrypt(tx);
		}

		return TX_DROP;

+19 −0

Original line number	Diff line number	Diff line
		@@ -643,3 +643,22 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)

		return RX_CONTINUE;
		}

		ieee80211_tx_result
		ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx)
		{
		struct sk_buff *skb;
		struct ieee80211_tx_info *info = NULL;

		skb_queue_walk(&tx->skbs, skb) {
		info = IEEE80211_SKB_CB(skb);

		/* handle hw-only algorithm */
		if (!info->control.hw_key)
		return TX_DROP;
		}

		ieee80211_tx_set_protected(tx);

		return TX_CONTINUE;
		}

+2 −0

Original line number	Diff line number	Diff line
		@@ -32,5 +32,7 @@ ieee80211_tx_result
		ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx);
		ieee80211_rx_result
		ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx);
		ieee80211_tx_result
		ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx);

		#endif /* WPA_H */