iwmc3200wifi: fix NULL pointer dereference in pmkid update

When handling IWM_CMD_PMKID_FLUSH command, the bssid and
pmkid in pmksa are all NULL. Check it before memcpy.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Acked-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

diff --git a/drivers/net/wireless/iwmc3200wifi/commands.c b/drivers/net/wireless/iwmc3200wifi/commands.c
index bd06307..89b33fa 100644 (file)
--- a/drivers/net/wireless/iwmc3200wifi/commands.c
+++ b/drivers/net/wireless/iwmc3200wifi/commands.c
@@ -970,8 +970,10 @@ int iwm_send_pmkid_update(struct iwm_priv *iwm,
        memset(&update, 0, sizeof(struct iwm_umac_pmkid_update));
 
        update.command = cpu_to_le32(command);
-       memcpy(&update.bssid, pmksa->bssid, ETH_ALEN);
-       memcpy(&update.pmkid, pmksa->pmkid, WLAN_PMKID_LEN);
+       if (pmksa->bssid)
+               memcpy(&update.bssid, pmksa->bssid, ETH_ALEN);
+       if (pmksa->pmkid)
+               memcpy(&update.pmkid, pmksa->pmkid, WLAN_PMKID_LEN);
 
        ret = iwm_send_wifi_if_cmd(iwm, &update,
                                   sizeof(struct iwm_umac_pmkid_update), 0);