mac80211/minstrel: fix NULL pointer dereference issue

When priv_sta == NULL, mi->prev_sample is dereferenced too early. Move the assignment further down, after the rate_control_send_low call. Reported-by: Krzysztof Mazur <krzysiek@podlesie.net> Cc: stable@vger.kernel.org # 3.10 Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>

mac80211/minstrel: fix NULL pointer dereference issue
When priv_sta == NULL, mi->prev_sample is dereferenced too early. Move the assignment further down, after the rate_control_send_low call. Reported-by: Krzysztof Mazur <krzysiek@podlesie.net> Cc: stable@vger.kernel.org # 3.10 Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
5c9fc93b · Felix Fietkau · Johannes Berg · 6b0f3274 · 5c9fc93b
Commit 5c9fc93b authored Jul 15, 2013 by Felix Fietkau Committed by Johannes Berg Jul 16, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

net/mac80211/rc80211_minstrel.c net/mac80211/rc80211_minstrel.c +2 -1

No files found.
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -290,7 +290,7 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta,
 	struct minstrel_rate *msr, *mr;
 	unsigned int ndx;
 	bool mrr_capable;
-	bool prev_sample = mi->prev_sample;
+	bool prev_sample;
 	int delta;
 	int sampling_ratio;
@@ -314,6 +314,7 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta,
 			(mi->sample_count + mi->sample_deferred / 2);
 	/* delta < 0: no sampling required */
+	prev_sample = mi->prev_sample;
 	mi->prev_sample = false;
 	if (delta < 0 || (!mrr_capable && prev_sample))
 		return;