cfg80211: fix NULL pointer deference in reg_device_remove()
authorLuis R. Rodriguez <lrodriguez@atheros.com>
Wed, 25 Mar 2009 01:21:08 +0000 (21:21 -0400)
committerJohn W. Linville <linville@tuxdriver.com>
Thu, 16 Apr 2009 14:39:01 +0000 (10:39 -0400)
We won't ever get here as regulatory_hint_core() can only fail
on -ENOMEM and in that case we don't initialize cfg80211 but this is
technically correct code.

This is actually good for stable, where we don't check for -ENOMEM
failure on __regulatory_hint()'s failure.

Cc: stable@kernel.org
Reported-by: Quentin Armitage <Quentin@armitage.org.uk>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
net/wireless/reg.c

index 6327e16..6c1993d 100644 (file)
@@ -2095,11 +2095,12 @@ int set_regdom(const struct ieee80211_regdomain *rd)
 /* Caller must hold cfg80211_mutex */
 void reg_device_remove(struct wiphy *wiphy)
 {
-       struct wiphy *request_wiphy;
+       struct wiphy *request_wiphy = NULL;
 
        assert_cfg80211_lock();
 
-       request_wiphy = wiphy_idx_to_wiphy(last_request->wiphy_idx);
+       if (last_request)
+               request_wiphy = wiphy_idx_to_wiphy(last_request->wiphy_idx);
 
        kfree(wiphy->regd);
        if (!last_request || !request_wiphy)