Commit fbff868d authored by Jouni Malinen's avatar Jouni Malinen Committed by Jeff Garzik

[PATCH] hostap: Fix null pointer dereference in prism2_pccard_card_present()

local->hw_priv was initialized only after the interrupt handler was
registered. This could trigger a NULL pointer dereference in
prism2_pccard_card_present() that assumed that local->hw_priv is always
set (and it should have been). Fix this by setting local->hw_priv before
registering the interrupt handler.
Signed-off-by: default avatarJouni Malinen <jkmaline@cc.hut.fi>
Signed-off-by: default avatarJeff Garzik <jgarzik@pobox.com>
parent a8eef8a2
...@@ -772,6 +772,13 @@ static int prism2_config(dev_link_t *link) ...@@ -772,6 +772,13 @@ static int prism2_config(dev_link_t *link)
goto failed; goto failed;
link->priv = dev; link->priv = dev;
iface = netdev_priv(dev);
local = iface->local;
local->hw_priv = hw_priv;
hw_priv->link = link;
strcpy(hw_priv->node.dev_name, dev->name);
link->dev = &hw_priv->node;
/* /*
* Allocate an interrupt line. Note that this does not assign a * Allocate an interrupt line. Note that this does not assign a
* handler to the interrupt, unless the 'Handler' member of the * handler to the interrupt, unless the 'Handler' member of the
...@@ -817,13 +824,6 @@ static int prism2_config(dev_link_t *link) ...@@ -817,13 +824,6 @@ static int prism2_config(dev_link_t *link)
link->state |= DEV_CONFIG; link->state |= DEV_CONFIG;
link->state &= ~DEV_CONFIG_PENDING; link->state &= ~DEV_CONFIG_PENDING;
iface = netdev_priv(dev);
local = iface->local;
local->hw_priv = hw_priv;
hw_priv->link = link;
strcpy(hw_priv->node.dev_name, dev->name);
link->dev = &hw_priv->node;
local->shutdown = 0; local->shutdown = 0;
sandisk_enable_wireless(dev); sandisk_enable_wireless(dev);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment