Commit 2d319867 authored by Johannes Berg's avatar Johannes Berg

regulatory: fix restore_regulatory_settings

My commit 379b82f4
("regulatory: pass new regdomain to reset function")
broke the restore_regulatory_settings() function due
to a logic change. Consider this change:

-	reset_regdomains(true);
-	cfg80211_regdomain = cfg80211_world_regdom;
+	reset_regdomains(true, cfg80211_world_regdom);

This looks innocent enough, until you realise that the
called function (reset_regdomains) also resets the
cfg80211_world_regdom pointer, so that the old version
of the code would use the new object it pointed to and
the new version of the code uses the old object. This
lead to a double-free of this object.

Since reset_regdomains() sets it to &world_regdom, use
that directly.
Reported-by: default avatarSujith Manoharan <sujith@msujith.org>
Tested-by: default avatarSujith Manoharan <sujith@msujith.org>
Reported-by: default avatarBob Copeland <me@bobcopeland.com>
Reported-by: default avatarEmmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 4a484cff
......@@ -1848,7 +1848,7 @@ static void restore_regulatory_settings(bool reset_user)
mutex_lock(&cfg80211_mutex);
mutex_lock(&reg_mutex);
reset_regdomains(true, cfg80211_world_regdom);
reset_regdomains(true, &world_regdom);
restore_alpha2(alpha2, reset_user);
/*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment