mwifiex: restore handling of NULL parameters
authorDan Carpenter <error27@gmail.com>
Fri, 24 Jun 2011 13:33:35 +0000 (16:33 +0300)
committerJohn W. Linville <linville@tuxdriver.com>
Mon, 27 Jun 2011 19:09:42 +0000 (15:09 -0400)
Prior to a5ffddb70c5cab "mwifiex: remove casts of void pointers" the
code assumed that the data_buf parameter could be a NULL pointer.
The patch preserved some NULL checks but not consistently, so there
was a potential for NULL dereferences and it changed the behavior.
This patch restores the original behavior.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/mwifiex/sta_cmd.c
drivers/net/wireless/mwifiex/sta_cmdresp.c

index d85a0a60aa6ab0bb156a9ed10d0db0b95683030f..49b9c1309f7a8865a60d95e858eb8e4b8d45346e 100644 (file)
@@ -779,6 +779,8 @@ static int mwifiex_cmd_ibss_coalescing_status(struct host_cmd_ds_command *cmd,
        case HostCmd_ACT_GEN_SET:
                if (enable)
                        ibss_coal->enable = cpu_to_le16(*enable);
+               else
+                       ibss_coal->enable = 0;
                break;
 
                /* In other case.. Nothing to do */
index ad64c87b91d6a05261c3f62cf842be8761c24793..6804239d87bd52db7ddac8f934c9a6b28cffa144 100644 (file)
@@ -183,30 +183,32 @@ static int mwifiex_ret_802_11_rssi_info(struct mwifiex_private *priv,
  */
 static int mwifiex_ret_802_11_snmp_mib(struct mwifiex_private *priv,
                                       struct host_cmd_ds_command *resp,
-                                      u32 *ul_temp)
+                                      u32 *data_buf)
 {
        struct host_cmd_ds_802_11_snmp_mib *smib = &resp->params.smib;
        u16 oid = le16_to_cpu(smib->oid);
        u16 query_type = le16_to_cpu(smib->query_type);
+       u32 ul_temp;
 
        dev_dbg(priv->adapter->dev, "info: SNMP_RESP: oid value = %#x,"
                        " query_type = %#x, buf size = %#x\n",
                        oid, query_type, le16_to_cpu(smib->buf_size));
        if (query_type == HostCmd_ACT_GEN_GET) {
-               if (ul_temp)
-                       *ul_temp = le16_to_cpu(*((__le16 *) (smib->value)));
+               ul_temp = le16_to_cpu(*((__le16 *) (smib->value)));
+               if (data_buf)
+                       *data_buf = ul_temp;
                switch (oid) {
                case FRAG_THRESH_I:
                        dev_dbg(priv->adapter->dev,
-                               "info: SNMP_RESP: FragThsd =%u\n", *ul_temp);
+                               "info: SNMP_RESP: FragThsd =%u\n", ul_temp);
                        break;
                case RTS_THRESH_I:
                        dev_dbg(priv->adapter->dev,
-                               "info: SNMP_RESP: RTSThsd =%u\n", *ul_temp);
+                               "info: SNMP_RESP: RTSThsd =%u\n", ul_temp);
                        break;
                case SHORT_RETRY_LIM_I:
                        dev_dbg(priv->adapter->dev,
-                               "info: SNMP_RESP: TxRetryCount=%u\n", *ul_temp);
+                               "info: SNMP_RESP: TxRetryCount=%u\n", ul_temp);
                        break;
                default:
                        break;
@@ -622,22 +624,23 @@ static int mwifiex_ret_802_11d_domain_info(struct mwifiex_private *priv,
  */
 static int mwifiex_ret_802_11_rf_channel(struct mwifiex_private *priv,
                                         struct host_cmd_ds_command *resp,
-                                        u16 *new_channel)
+                                        u16 *data_buf)
 {
        struct host_cmd_ds_802_11_rf_channel *rf_channel =
                &resp->params.rf_channel;
+       u16 new_channel = le16_to_cpu(rf_channel->current_channel);
 
-       if (new_channel)
-               *new_channel = le16_to_cpu(rf_channel->current_channel);
-
-       if (priv->curr_bss_params.bss_descriptor.channel != *new_channel) {
+       if (priv->curr_bss_params.bss_descriptor.channel != new_channel) {
                dev_dbg(priv->adapter->dev, "cmd: Channel Switch: %d to %d\n",
                       priv->curr_bss_params.bss_descriptor.channel,
-                      *new_channel);
+                      new_channel);
                /* Update the channel again */
-               priv->curr_bss_params.bss_descriptor.channel = *new_channel;
+               priv->curr_bss_params.bss_descriptor.channel = new_channel;
        }
 
+       if (data_buf)
+               *data_buf = new_channel;
+
        return 0;
 }