diff options
| author | Arend van Spriel <arend.vanspriel@broadcom.com> | 2023-01-03 13:41:16 +0100 |
|---|---|---|
| committer | Kalle Valo <kvalo@kernel.org> | 2023-01-16 13:25:53 +0200 |
| commit | aadb50d1571211c73248605bcc1f4b9f8e3d1364 (patch) | |
| tree | d45c4b400f951431ad67516af0981471d16e4f7d /drivers/net | |
| parent | e5d1ab1a73ad275c0205cbc09a0a9f9f42bbb87f (diff) | |
| download | lwn-aadb50d1571211c73248605bcc1f4b9f8e3d1364.tar.gz lwn-aadb50d1571211c73248605bcc1f4b9f8e3d1364.zip | |
wifi: brcmfmac: avoid NULL-deref in survey dump for 2G only device
When dealing with a device for 2GHz band only the wiphy->bands for
5GHz will be NULL. This would result in a NULL-deref in the
brcmf_cfg80211_dump_survey() function. Rework the code with a
for-loop to make it easier to add another band.
Fixes: 6c04deae1438 ("brcmfmac: Add dump_survey cfg80211 ops for HostApd AutoChannelSelection")
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230103124117.271988-3-arend.vanspriel@broadcom.com
Diffstat (limited to 'drivers/net')
| -rw-r--r-- | drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c index 478ca3848c64..b115902eb475 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c @@ -7964,6 +7964,7 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, struct net_device *ndev, struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg)); struct brcmf_dump_survey survey = {}; struct ieee80211_supported_band *band; + enum nl80211_band band_id; struct cca_msrmnt_query req; u32 noise; int err; @@ -7976,21 +7977,23 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, struct net_device *ndev, return -EBUSY; } - band = wiphy->bands[NL80211_BAND_2GHZ]; - if (band && idx >= band->n_channels) { - idx -= band->n_channels; - band = NULL; - } + for (band_id = 0; band_id < NUM_NL80211_BANDS; band_id++) { + band = wiphy->bands[band_id]; + if (!band) + continue; + if (idx >= band->n_channels) { + idx -= band->n_channels; + continue; + } - if (!band || idx >= band->n_channels) { - band = wiphy->bands[NL80211_BAND_5GHZ]; - if (idx >= band->n_channels) - return -ENOENT; + info->channel = &band->channels[idx]; + break; } + if (band_id == NUM_NL80211_BANDS) + return -ENOENT; /* Setting current channel to the requested channel */ info->filled = 0; - info->channel = &band->channels[idx]; if (cfg80211_set_channel(wiphy, ndev, info->channel, NL80211_CHAN_HT20)) return 0; |