authorMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>2013-08-05 10:19:22 +0530
committerKalle Valo <kvalo@qca.qualcomm.com>2013-08-07 10:58:59 +0300
commit9d0e2f0772d394060bf3b17cd1f3a35574365103 (patch)
tree6a0276c9109aa553efa59ab9a81f8578cc47e2ab
parentf32036e823c45cb4974aab1d0ae66d716bfc9aa6 (diff)
ath6kl: Fix invalid pointer access on fuzz testing with AP mode
In our fuzz testing, the reference client corrupts the destination MAC to "00:00:00:00:00:00" in message 2 of the WPA2 handshake. During driver init the MAC addresses of the sta_list entries are "00:00:00:00:00:00" by default. The driver therefore returns an invalid pointer (conn), and the driver will crash if the rxtids (aggr_conn) skb queues are accessed, since they would not be initialized. Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
-rw-r--r--drivers/net/wireless/ath/ath6kl/main.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/net/wireless/ath/ath6kl/main.c b/drivers/net/wireless/ath/ath6kl/main.c
index d4fcfcad57d..5839fc23bdc 100644
--- a/drivers/net/wireless/ath/ath6kl/main.c
+++ b/drivers/net/wireless/ath/ath6kl/main.c
@@ -29,6 +29,9 @@ struct ath6kl_sta *ath6kl_find_sta(struct ath6kl_vif *vif, u8 *node_addr)
struct ath6kl_sta *conn = NULL;
u8 i, max_conn;
+ if (is_zero_ether_addr(node_addr))
+ return NULL;
+
max_conn = (vif->nw_type == AP_NETWORK) ? AP_MAX_NUM_STA : 0;
for (i = 0; i < max_conn; i++) {
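Review bot: The new `is_zero_ether_addr(node_addr)` guard at the top of ath6kl_find_sta() has no comment explaining why an all-zero address is rejected, and the reason is not visible in the code. Per the commit message, unused sta_list slots keep a zeroed MAC, so a frame with a zero destination address would match an uninitialised entry. I would add `/* Unused sta_list slots hold an all-zero MAC; never match a peer-supplied zero address against them. */` above the check. The guard filters only the one input value known to collide. The loop body lies outside this hunk, so I cannot tell whether the match also tests that the slot is in use; if it does not, that test would be the more durable fix, and other sta_list lookups may need the same treatment.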