aboutsummaryrefslogtreecommitdiffstats
path: root/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
diff options
context:
space:
mode:
authorJohn Crispin <blogic@openwrt.org>2015-01-30 08:06:28 +0000
committerJohn Crispin <blogic@openwrt.org>2015-01-30 08:06:28 +0000
commitf223ab856d64ad86fe82d371dc4b5702ed386af4 (patch)
treecd34a2b208ad94bb4e1be12c25dac370f477b0ea /package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
parent61f0b79e06d9f3758705e7662dc8dba3c542efad (diff)
downloadupstream-f223ab856d64ad86fe82d371dc4b5702ed386af4.tar.gz
upstream-f223ab856d64ad86fe82d371dc4b5702ed386af4.tar.bz2
upstream-f223ab856d64ad86fe82d371dc4b5702ed386af4.zip
mac80211: fix NULL pointer crash in monitor frame injection TX path
This "patch to the patch" fixes a NULL pointer derefence crash in the new intermediate software queues. The crash can be reproduced by injecting an 802.11 frame with a BSSID that does not belong to a configured vif. The wperf tool (https://github.com/anyfi/wperf) may be convenient for doing this. Signed-off-by: Johan Almbladh <ja@anyfi.net> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44220 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch')
-rw-r--r--package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch2
1 files changed, 1 insertions, 1 deletions
diff --git a/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch b/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
index ce5d4dcc3e..a9e95fff6e 100644
--- a/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
+++ b/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
@@ -384,7 +384,7 @@ Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+ if (pubsta) {
+ u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
+ pubtxq = pubsta->txq[tid];
-+ } else {
++ } else if (vif) {
+ pubtxq = vif->txq;
+ }
+