rsi: Fix NULL pointer dereference in kmalloc
kmalloc can fail in rsi_register_rates_channels but memcpy still attempts to write to channels. The patch replaces these calls with kmemdup and passes the error upstream. Signed-off-by: Aditya Pakki <pakki001@umn.edu> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This commit is contained in:
parent
9490c56024
commit
d5414c2355
|
@ -188,27 +188,27 @@ bool rsi_is_cipher_wep(struct rsi_common *common)
|
|||
* @adapter: Pointer to the adapter structure.
|
||||
* @band: Operating band to be set.
|
||||
*
|
||||
* Return: None.
|
||||
* Return: int - 0 on success, negative error on failure.
|
||||
*/
|
||||
static void rsi_register_rates_channels(struct rsi_hw *adapter, int band)
|
||||
static int rsi_register_rates_channels(struct rsi_hw *adapter, int band)
|
||||
{
|
||||
struct ieee80211_supported_band *sbands = &adapter->sbands[band];
|
||||
void *channels = NULL;
|
||||
|
||||
if (band == NL80211_BAND_2GHZ) {
|
||||
channels = kmalloc(sizeof(rsi_2ghz_channels), GFP_KERNEL);
|
||||
memcpy(channels,
|
||||
rsi_2ghz_channels,
|
||||
sizeof(rsi_2ghz_channels));
|
||||
channels = kmemdup(rsi_2ghz_channels, sizeof(rsi_2ghz_channels),
|
||||
GFP_KERNEL);
|
||||
if (!channels)
|
||||
return -ENOMEM;
|
||||
sbands->band = NL80211_BAND_2GHZ;
|
||||
sbands->n_channels = ARRAY_SIZE(rsi_2ghz_channels);
|
||||
sbands->bitrates = rsi_rates;
|
||||
sbands->n_bitrates = ARRAY_SIZE(rsi_rates);
|
||||
} else {
|
||||
channels = kmalloc(sizeof(rsi_5ghz_channels), GFP_KERNEL);
|
||||
memcpy(channels,
|
||||
rsi_5ghz_channels,
|
||||
sizeof(rsi_5ghz_channels));
|
||||
channels = kmemdup(rsi_5ghz_channels, sizeof(rsi_5ghz_channels),
|
||||
GFP_KERNEL);
|
||||
if (!channels)
|
||||
return -ENOMEM;
|
||||
sbands->band = NL80211_BAND_5GHZ;
|
||||
sbands->n_channels = ARRAY_SIZE(rsi_5ghz_channels);
|
||||
sbands->bitrates = &rsi_rates[4];
|
||||
|
@ -227,6 +227,7 @@ static void rsi_register_rates_channels(struct rsi_hw *adapter, int band)
|
|||
sbands->ht_cap.mcs.rx_mask[0] = 0xff;
|
||||
sbands->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
|
||||
/* sbands->ht_cap.mcs.rx_highest = 0x82; */
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int rsi_mac80211_hw_scan_start(struct ieee80211_hw *hw,
|
||||
|
@ -2064,11 +2065,16 @@ int rsi_mac80211_attach(struct rsi_common *common)
|
|||
wiphy->available_antennas_rx = 1;
|
||||
wiphy->available_antennas_tx = 1;
|
||||
|
||||
rsi_register_rates_channels(adapter, NL80211_BAND_2GHZ);
|
||||
status = rsi_register_rates_channels(adapter, NL80211_BAND_2GHZ);
|
||||
if (status)
|
||||
return status;
|
||||
wiphy->bands[NL80211_BAND_2GHZ] =
|
||||
&adapter->sbands[NL80211_BAND_2GHZ];
|
||||
if (common->num_supp_bands > 1) {
|
||||
rsi_register_rates_channels(adapter, NL80211_BAND_5GHZ);
|
||||
status = rsi_register_rates_channels(adapter,
|
||||
NL80211_BAND_5GHZ);
|
||||
if (status)
|
||||
return status;
|
||||
wiphy->bands[NL80211_BAND_5GHZ] =
|
||||
&adapter->sbands[NL80211_BAND_5GHZ];
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue