[OpenWrt-Devel] mac80211: fix NULL pointer crash in monitor frame injection TX path
diff mbox

Message ID 1422536765-32146-1-git-send-email-ja@anyfi.net
State Accepted
Headers show

Commit Message

Johan Almbladh Jan. 29, 2015, 1:06 p.m. UTC
This "patch to the patch" fixes a NULL pointer derefence crash in the new
intermediate software queues. The crash can be reproduced by injecting an
802.11 frame with a BSSID that does not belong to a configured vif. The
wperf tool (https://github.com/anyfi/wperf) may be convenient for doing
this.

Johan

---
 ...d-an-intermediate-software-queue-implemen.patch |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch
diff mbox

diff --git a/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch b/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
index ce5d4dc..a9e95ff 100644
--- a/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
+++ b/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
@@ -384,7 +384,7 @@  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
 +	if (pubsta) {
 +		u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
 +		pubtxq = pubsta->txq[tid];
-+	} else {
++	} else if (vif) {
 +		pubtxq = vif->txq;
 +	}
 +