Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c1e3f64f authored by Gustavo A. R. Silva's avatar Gustavo A. R. Silva Committed by Kalle Valo
Browse files

qtnfmac: fix NULL pointer dereference 



In case *vif* is NULL at 655: if (!vif), the execution path jumps to
label out, where *vif* is dereferenced at 679:

if (vif->sta_state == QTNF_STA_CONNECTING)

Fix this by immediately returning when *vif* is NULL instead of
jumping to label out.

Addresses-Coverity-ID: 1469567 ("Dereference after null check")
Fixes: 480daa9c ("qtnfmac: fix invalid STA state on EAPOL failure")
Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: default avatarSergey Matyukevich <sergey.matyukevich.os@quanenna.com>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
parent ce397d21

drivers/net/wireless/quantenna/qtnfmac/cfg80211.c

+1 −2
Original line number Diff line number Diff line
@@ -654,8 +654,7 @@ qtnf_disconnect(struct wiphy *wiphy, struct net_device *dev, 
	vif = qtnf_mac_get_base_vif(mac);

	if (!vif) {

		pr_err("MAC%u: primary VIF is not configured\n", mac->macid);

		ret = -EFAULT;

		goto out;

		return -EFAULT;

	}



	if (vif->wdev.iftype != NL80211_IFTYPE_STATION) {