mwifiex: fix NULL pointer dereference during hidden SSID scan
author Aniket Nagarnaik <aniketn@marvell.com>
Fri, 18 Sep 2015 13:32:09 +0000 (06:32 -0700)
committer Kalle Valo <kvalo@codeaurora.org>
Tue, 29 Sep 2015 07:47:36 +0000 (10:47 +0300)
This NULL pointer dereference is observed during suspend resume
stress test. All pending commands are cancelled when system goes
into suspend state. There is a corner case in which host may receive
response for last scan command after this and try to trigger extra
active scan for hidden SSIDs.

The issue is fixed by adding a NULL check to skip that extra scan.

Fixes: 2375fa2b36feaf34 (mwifiex: fix unable to connect hidden SSID..)
Cc: <stable@vger.kernel.org> [v4.2+]
Signed-off-by: Aniket Nagarnaik <aniketn@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
drivers/net/wireless/mwifiex/scan.c

index 3675730..c20017c 100644 (file)
@@ -1893,7 +1893,7 @@ mwifiex_active_scan_req_for_passive_chan(struct mwifiex_private *priv)
        u8 id = 0;
        struct mwifiex_user_scan_cfg  *user_scan_cfg;
 
-       if (adapter->active_scan_triggered) {
+       if (adapter->active_scan_triggered || !priv->scan_request) {
                adapter->active_scan_triggered = false;
                return 0;
        }
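
Review bot: The added `!priv->scan_request` test in the early-return condition is a plain read, and nothing in the visible context shows a lock held between this check and the later use of the pointer for the extra active scan. If the suspend path that cancels pending commands can clear `priv->scan_request` concurrently with the scan response handler, the check narrows the window but does not close it; please confirm which lock or ordering serializes the two, or take a local copy of the pointer under that lock and use the copy afterwards. A one-line comment above the condition saying that `scan_request` is NULL here when the scan was cancelled (for example on suspend) would also help, since the shared branch now resets `adapter->active_scan_triggered` for two unrelated reasons.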