From 6646a664e3b60bf3e5db676e0626e6ccd71b3363 Mon Sep 17 00:00:00 2001 From: Zhu Yi Date: Tue, 1 Dec 2009 11:48:50 +0800 Subject: [PATCH] iwmc3200wifi: fix NULL pointer dereference in pmkid update When handling IWM_CMD_PMKID_FLUSH command, the bssid and pmkid in pmksa are all NULL. Check it before memcpy. Signed-off-by: Zhu Yi Acked-by: Samuel Ortiz Signed-off-by: John W. Linville --- drivers/net/wireless/iwmc3200wifi/commands.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/iwmc3200wifi/commands.c b/drivers/net/wireless/iwmc3200wifi/commands.c index bd0630755b32..89b33fa8d4ef 100644 --- a/drivers/net/wireless/iwmc3200wifi/commands.c +++ b/drivers/net/wireless/iwmc3200wifi/commands.c @@ -970,8 +970,10 @@ int iwm_send_pmkid_update(struct iwm_priv *iwm, memset(&update, 0, sizeof(struct iwm_umac_pmkid_update)); update.command = cpu_to_le32(command); - memcpy(&update.bssid, pmksa->bssid, ETH_ALEN); - memcpy(&update.pmkid, pmksa->pmkid, WLAN_PMKID_LEN); + if (pmksa->bssid) + memcpy(&update.bssid, pmksa->bssid, ETH_ALEN); + if (pmksa->pmkid) + memcpy(&update.pmkid, pmksa->pmkid, WLAN_PMKID_LEN); ret = iwm_send_wifi_if_cmd(iwm, &update, sizeof(struct iwm_umac_pmkid_update), 0); -- 2.20.1