mwifiex: fix NULL pointer dereference during hidden SSID scan
authorAniket Nagarnaik <aniketn@marvell.com>
Fri, 18 Sep 2015 13:32:09 +0000 (06:32 -0700)
committerKalle Valo <kvalo@codeaurora.org>
Tue, 29 Sep 2015 07:47:36 +0000 (10:47 +0300)
This NULL pointer dereference is observed during suspend resume
stress test. All pending commands are cancelled when system goes
into suspend state. There a corner case in which host may receive
response for last scan command after this and try to trigger extra
active scan for hidden SSIDs.

The issue is fixed by adding a NULL check to skip that extra scan.

Fixes: 2375fa2b36feaf34 (mwifiex: fix unable to connect hidden SSID..)
Cc: <stable@vger.kernel.org> [v4.2+]
Signed-off-by: Aniket Nagarnaik <aniketn@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
drivers/net/wireless/mwifiex/scan.c

index 3675730fc3b5b54aa6e68c138ca05d1346dc306c..c20017ced5667c796abec645ae5cc8ca620b530f 100644 (file)
@@ -1893,7 +1893,7 @@ mwifiex_active_scan_req_for_passive_chan(struct mwifiex_private *priv)
        u8 id = 0;
        struct mwifiex_user_scan_cfg  *user_scan_cfg;
 
-       if (adapter->active_scan_triggered) {
+       if (adapter->active_scan_triggered || !priv->scan_request) {
                adapter->active_scan_triggered = false;
                return 0;
        }