author | Avinash Patil <patila@marvell.com> | 2014-09-17 19:31:26 +0200 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2014-09-26 23:06:50 +0200 |
commit | 8eda10eaa18709e951b5d5fbbf673543365a4455 (patch) | |
tree | 3caaf2ac5a64fc9916a8da3719c4423765dde14d | |
parent | ath9k: Cache BSS information (diff) | |
mwifiex: ensure user_scan_in not NULL while setting scan channel gap
Check for scan channel gap only when user_scan_in is not NULL.
user_scan_in is NULL for internal scans, and if we check scan channel gap
at this place, it may result in a crash.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Cathy Luo <cluo@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r-- | drivers/net/wireless/mwifiex/scan.c | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/drivers/net/wireless/mwifiex/scan.c b/drivers/net/wireless/mwifiex/scan.c
index c09ebeee6ddf..ca64d4c94112 100644
--- a/drivers/net/wireless/mwifiex/scan.c
+++ b/drivers/net/wireless/mwifiex/scan.c
@@ -926,6 +926,23 @@ mwifiex_config_scan(struct mwifiex_private *priv,
 if ((i && ssid_filter) ||
 !is_zero_ether_addr(scan_cfg_out->specific_bssid))
 *filtered_scan = true;
+
+ if (user_scan_in->scan_chan_gap) {
+ dev_dbg(adapter->dev, "info: scan: channel gap = %d\n",
+ user_scan_in->scan_chan_gap);
+ *max_chan_per_scan =
+ MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
+
+ chan_gap_tlv = (void *)tlv_pos;
+ chan_gap_tlv->header.type =
+ cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP);
+ chan_gap_tlv->header.len =
+ cpu_to_le16(sizeof(chan_gap_tlv->chan_gap));
+ chan_gap_tlv->chan_gap =
+ cpu_to_le16((user_scan_in->scan_chan_gap));
+ tlv_pos +=
+ sizeof(struct mwifiex_ie_types_scan_chan_gap);
+ }
 } else {
 scan_cfg_out->bss_mode = (u8) adapter->scan_mode;
 num_probes = adapter->scan_probes;
@@ -940,22 +957,6 @@ mwifiex_config_scan(struct mwifiex_private *priv,
 else
 *max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD;
- if (user_scan_in->scan_chan_gap) {
- *max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
- dev_dbg(adapter->dev, "info: scan: channel gap = %d\n",
- user_scan_in->scan_chan_gap);
-
- chan_gap_tlv = (void *)tlv_pos;
- chan_gap_tlv->header.type =
- cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP);
- chan_gap_tlv->header.len =
- cpu_to_le16(sizeof(chan_gap_tlv->chan_gap));
- chan_gap_tlv->chan_gap =
- cpu_to_le16((user_scan_in->scan_chan_gap));
-
- tlv_pos += sizeof(struct mwifiex_ie_types_scan_chan_gap);
- }
-
 /* If the input config or adapter has the number of Probes set, add tlv */
 if (num_probes) { |
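Review bot: The `*max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;` assignment in the relocated channel-gap block (first hunk) now runs before the `else *max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD;` that appears as context at the top of the second hunk, so the per-scan limit chosen for a channel-gap scan looks like it is overwritten afterwards; before the move it was applied last. The `if` paired with that `else` lies outside the hunk, so this is inferred, but if both arms assign, the override is now dead code. To keep the NULL fix and the old ordering, the limit could be re-applied after that if/else with a guarded check, `if (user_scan_in && user_scan_in->scan_chan_gap) *max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;`, leaving the TLV construction where the commit puts it. Separately, the TLV is written through `tlv_pos` and the pointer advanced with no remaining-space check visible in the hunk; the buffer bounds are established elsewhere in mwifiex_config_scan and are worth confirming, since `scan_chan_gap` comes from the user scan request.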