From: Arend van Spriel Date: Tue, 6 Nov 2012 00:22:21 +0000 (-0800) Subject: brcmfmac: fix NULL pointer access in brcmf_create_iovar() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=bb451c8304604b4accdc5a86b7f731878175a83c;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git brcmfmac: fix NULL pointer access in brcmf_create_iovar() The function brcmf_fil_bsscfg_data_get() calls brcmf_create_iovar() with data pointer set to NULL, which caused a NULL pointer access. As it should be possible to provide data in message towards the firmware, it should just pass the data buffer instead. Reviewed-by: Hante Meuleman Signed-off-by: Arend van Spriel Signed-off-by: Franky Lin Signed-off-by: John W. Linville --- diff --git a/drivers/net/wireless/brcm80211/brcmfmac/fwil.c b/drivers/net/wireless/brcm80211/brcmfmac/fwil.c index 4b272c3d237c..f121d412495a 100644 --- a/drivers/net/wireless/brcm80211/brcmfmac/fwil.c +++ b/drivers/net/wireless/brcm80211/brcmfmac/fwil.c @@ -294,7 +294,7 @@ brcmf_fil_bsscfg_data_get(struct brcmf_if *ifp, char *name, mutex_lock(&drvr->proto_block); - buflen = brcmf_create_bsscfg(ifp->bssidx, name, NULL, len, + buflen = brcmf_create_bsscfg(ifp->bssidx, name, data, len, drvr->proto_buf, sizeof(drvr->proto_buf)); if (buflen) { err = brcmf_fil_cmd_data(ifp, BRCMF_C_GET_VAR, drvr->proto_buf,