From bb451c8304604b4accdc5a86b7f731878175a83c Mon Sep 17 00:00:00 2001 From: Arend van Spriel Date: Mon, 5 Nov 2012 16:22:21 -0800 Subject: [PATCH] brcmfmac: fix NULL pointer access in brcmf_create_iovar() The function brcmf_fil_bsscfg_data_get() calls brcmf_create_iovar() with data pointer set to NULL, which caused a NULL pointer access. As it should be possible to provide data in message towards the firmware, it should just pass the data buffer instead. Reviewed-by: Hante Meuleman Signed-off-by: Arend van Spriel Signed-off-by: Franky Lin Signed-off-by: John W. Linville --- drivers/net/wireless/brcm80211/brcmfmac/fwil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/brcm80211/brcmfmac/fwil.c b/drivers/net/wireless/brcm80211/brcmfmac/fwil.c index 4b272c3..f121d41 100644 --- a/drivers/net/wireless/brcm80211/brcmfmac/fwil.c +++ b/drivers/net/wireless/brcm80211/brcmfmac/fwil.c @@ -294,7 +294,7 @@ brcmf_fil_bsscfg_data_get(struct brcmf_if *ifp, char *name, mutex_lock(&drvr->proto_block); - buflen = brcmf_create_bsscfg(ifp->bssidx, name, NULL, len, + buflen = brcmf_create_bsscfg(ifp->bssidx, name, data, len, drvr->proto_buf, sizeof(drvr->proto_buf)); if (buflen) { err = brcmf_fil_cmd_data(ifp, BRCMF_C_GET_VAR, drvr->proto_buf, -- 2.7.4