From 2c0a646da94d4e334e4070286e0361f91cd4f016 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Wed, 22 Nov 2017 02:04:29 +0000
Subject: [PATCH] mac80211: Fix null dereference in ieee80211_key_link()

Commit ef810e7c3d2a ("mac80211: accept key reinstall without changing
anything") moved the initialisation of key->sdata later in
ieee80211_key_link().  In the upstream commit fdf7cb4185b6 this was
fine, but in this version of the function there is additional code
which relies on key->sdata.  Change this to use the value that will be
(conditionally) assigned to it later.

Cc: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 net/mac80211/key.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 01c64f408cce..bef511163d06 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -508,7 +508,7 @@ int ieee80211_key_link(struct ieee80211_key *key,
 			 */
 
 			/* same here, the AP could be using QoS */
-			ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid);
+			ap = sta_info_get(sdata, sdata->u.mgd.bssid);
 			if (ap) {
 				if (test_sta_flag(ap, WLAN_STA_WME))
 					key->conf.flags |=
-- 
2.39.5