cfg80211: fix a crash in nl80211_send_station

mac80211 leaves sinfo->assoc_req_ies uninitialized, causing a random pointer memory access in nl80211_send_station. Instead of checking if the pointer is null, use sinfo->filled, like the rest of the fields. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Felix Fietkau <nbd@openwrt.org> 2011-08-10 19:00:33 -0600
committer: Om Prakash Singh <omp@nvidia.com> 2012-06-15 14:15:19 +0530
commit: c1fbf58a26c01b33196d0e4832f2ef742ff1b871 (patch)
tree: 2e1848d22b2ee65e2db5901ba618a1051f9fd096 /net/wireless
parent: a5369a7586398d5071d4313e3bc068d8a0fd51cf (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index fb18bb4dea7a..d7b91a351f84 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2236,7 +2236,7 @@ static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
 	}
 	nla_nest_end(msg, sinfoattr);
 
-	if (sinfo->assoc_req_ies)
+	if (sinfo->filled & STATION_INFO_ASSOC_REQ_IES)
 		NLA_PUT(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
 			sinfo->assoc_req_ies);
author	Felix Fietkau <nbd@openwrt.org>	2011-08-10 19:00:33 -0600
committer	Om Prakash Singh <omp@nvidia.com>	2012-06-15 14:15:19 +0530
commit	c1fbf58a26c01b33196d0e4832f2ef742ff1b871 (patch)
tree	2e1848d22b2ee65e2db5901ba618a1051f9fd096 /net/wireless
parent	a5369a7586398d5071d4313e3bc068d8a0fd51cf (diff)