From: Johannes Berg Date: Mon, 18 Sep 2017 20:46:36 +0000 (+0200) Subject: nl80211: fix null-ptr dereference on invalid mesh configuration X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=265698d7e6132a2d41471135534f4f36ad15b09c;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git nl80211: fix null-ptr dereference on invalid mesh configuration If TX rates are specified during mesh join, the channel must also be specified. Check the channel pointer to avoid a null pointer dereference if it isn't. Reported-by: Jouni Malinen Fixes: 8564e38206de ("cfg80211: add checks for beacon rate, extend to mesh") Signed-off-by: Johannes Berg --- diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index fbd5593e88cb..690874293cfc 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -9987,6 +9987,9 @@ static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) if (err) return err; + if (!setup.chandef.chan) + return -EINVAL; + err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band, &setup.beacon_rate); if (err)