ath9k: Fix a NULL pointer dereference in ath_rate_get

It looks like mac80211 may try to send unicast frames to a STA that
does not have a STA entry. We need to make sure that that is caught in
the rate control code before dereferencing STA data.

Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

diff --git a/drivers/net/wireless/ath9k/rc.c b/drivers/net/wireless/ath9k/rc.c
index 0ae5988..04ab457 100644 (file)
--- a/drivers/net/wireless/ath9k/rc.c
+++ b/drivers/net/wireless/ath9k/rc.c
@@ -1498,7 +1498,8 @@ static void ath_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
        __le16 fc = hdr->frame_control;
 
        /* lowest rate for management and multicast/broadcast frames */
-       if (!ieee80211_is_data(fc) || is_multicast_ether_addr(hdr->addr1)) {
+       if (!ieee80211_is_data(fc) || is_multicast_ether_addr(hdr->addr1) ||
+           !sta) {
                tx_info->control.rates[0].idx = rate_lowest_index(sband, sta);
                tx_info->control.rates[0].count =
                        is_multicast_ether_addr(hdr->addr1) ? 1 : ATH_MGT_TXMAXTRY;