From: Ben Hutchings <ben@decadent.org.uk>
Date: Wed, 22 Nov 2017 02:04:29 +0000 (+0000)
Subject: mac80211: Fix null dereference in ieee80211_key_link()
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2c0a646da94d4e334e4070286e0361f91cd4f016;p=pandora-kernel.git

mac80211: Fix null dereference in ieee80211_key_link()

Commit ef810e7c3d2a ("mac80211: accept key reinstall without changing
anything") moved the initialisation of key->sdata later in
ieee80211_key_link().  In the upstream commit fdf7cb4185b6 this was
fine, but in this version of the function there is additional code
which relies on key->sdata.  Change this to use the value that will be
(conditionally) assigned to it later.

Cc: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---

diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 01c64f408cce..bef511163d06 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -508,7 +508,7 @@ int ieee80211_key_link(struct ieee80211_key *key,
 			 */
 
 			/* same here, the AP could be using QoS */
-			ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid);
+			ap = sta_info_get(sdata, sdata->u.mgd.bssid);
 			if (ap) {
 				if (test_sta_flag(ap, WLAN_STA_WME))
 					key->conf.flags |=