[PATCH] hostap: Fix null pointer dereference in prism2_pccard_card_present()
Jouni Malinen
jkmaline
Sun Aug 28 17:53:32 PDT 2005
On Sun, Aug 28, 2005 at 07:26:12PM -0400, Jeff Garzik wrote:
> applied, but let us know when the root cause is found...
local->hw_priv was initialized only after the interrupt handler was
registered. This could trigger a NULL pointer dereference in
prism2_pccard_card_present() that assumed that local->hw_priv is always
set (and it should have been). Fix this by setting local->hw_priv before
registering the interrupt handler.
Signed-off-by: Jouni Malinen <jkmaline at cc.hut.fi>
Index: netdev-2.6/drivers/net/wireless/hostap/hostap_cs.c
===================================================================
--- netdev-2.6.orig/drivers/net/wireless/hostap/hostap_cs.c
+++ netdev-2.6/drivers/net/wireless/hostap/hostap_cs.c
@@ -772,6 +772,13 @@ static int prism2_config(dev_link_t *lin
goto failed;
link->priv = dev;
+ iface = netdev_priv(dev);
+ local = iface->local;
+ local->hw_priv = hw_priv;
+ hw_priv->link = link;
+ strcpy(hw_priv->node.dev_name, dev->name);
+ link->dev = &hw_priv->node;
+
/*
* Allocate an interrupt line. Note that this does not assign a
* handler to the interrupt, unless the 'Handler' member of the
@@ -817,13 +824,6 @@ static int prism2_config(dev_link_t *lin
link->state |= DEV_CONFIG;
link->state &= ~DEV_CONFIG_PENDING;
- iface = netdev_priv(dev);
- local = iface->local;
- local->hw_priv = hw_priv;
- hw_priv->link = link;
- strcpy(hw_priv->node.dev_name, dev->name);
- link->dev = &hw_priv->node;
-
local->shutdown = 0;
sandisk_enable_wireless(dev);
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list