From patchwork Wed Nov 22 03:02:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael-CY Lee X-Patchwork-Id: 746432 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4FFD4C61D92 for ; Wed, 22 Nov 2023 03:02:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229558AbjKVDCx (ORCPT ); Tue, 21 Nov 2023 22:02:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60062 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229464AbjKVDCw (ORCPT ); Tue, 21 Nov 2023 22:02:52 -0500 Received: from mailgw01.mediatek.com (unknown [60.244.123.138]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1D93590 for ; Tue, 21 Nov 2023 19:02:46 -0800 (PST) X-UUID: 9a4873a288e311eea33bb35ae8d461a2-20231122 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:MIME-Version:Message-ID:Date:Subject:CC:To:From; bh=0Yh1gT0UDhie6zGabE2W9ULuFS2W4omY+h+RskpwRnA=; b=siVrkAwKwv9xOhA2pynUhhsT5FG4tCOZzCy1vH/u5AbF8xeTRiH59b4B4K/NUNXYnRltYdPZVXDTwVbDiSey3kzXD0PpfVDn25vE9t4z4elQeZuPRkI5uWlOzj5k2FHCMAsHeM3Mr1i2s5P3LWtRW27UPDL94bwVTXitt60Ft48=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.33, REQID:313d73d9-6258-4270-8a16-672c520f9c8f, IP:0, U RL:0,TC:0,Content:0,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTION: release,TS:0 X-CID-META: VersionHash:364b77b, CLOUDID:bf17ed72-1bd3-4f48-b671-ada88705968c, B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U RL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO, DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0,NGT X-CID-BAS: 0,NGT,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR X-UUID: 9a4873a288e311eea33bb35ae8d461a2-20231122 Received: from mtkmbs14n2.mediatek.inc [(172.21.101.76)] by mailgw01.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 2109668486; Wed, 22 Nov 2023 11:02:42 +0800 Received: from mtkmbs11n1.mediatek.inc (172.21.101.185) by mtkmbs10n2.mediatek.inc (172.21.101.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Wed, 22 Nov 2023 11:02:40 +0800 Received: from mtksdccf07.mediatek.inc (172.21.84.99) by mtkmbs11n1.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Wed, 22 Nov 2023 11:02:39 +0800 From: Michael-CY Lee To: linux-wireless CC: Johannes Berg , Felix Fietkau , Lorenzo Bianconi , Evelyn Tsai , Money Wang , linux-mediatek , Michael-CY Lee Subject: [PATCH] wifi: mac80211: Fix potential he_6ghz_oper NULL pointer access Date: Wed, 22 Nov 2023 11:02:37 +0800 Message-ID: <20231122030237.31276-1-michael-cy.lee@mediatek.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 X-TM-AS-Product-Ver: SMEX-14.0.0.3152-9.1.1006-23728.005 X-TM-AS-Result: No-10--1.360500-8.000000 X-TMASE-MatchedRID: 1R9kVYz+2gWKlsLPb8jwawPZZctd3P4Bh+w9Wz/xXDoKogmGusPLb8bX zAmc72fpJ7vDzKaAUziwZHMQdNbacR8TzIzimOwPlpYqKNmWxsHZs3HUcS/scCq2rl3dzGQ1Gpe evGsoI5d9r+SrozkFf04GYupf0ODaBvkak2FvxqUkqRIqhmd6vLkAQCRlGE7iP71lVwKowA7oRJ wffUpAimUQJZR/iHqQsT86m58CuFMXRoPmWO3jekxwdkPqCq7vDEyN+J8hd+jCS9WgDXVPCn7cG d19dSFd X-TM-AS-User-Approved-Sender: No X-TM-AS-User-Blocked-Sender: No X-TMASE-Result: 10--1.360500-8.000000 X-TMASE-Version: SMEX-14.0.0.3152-9.1.1006-23728.005 X-TM-SNTS-SMTP: 401B68C1F34588474A4B5349849C68AA102A9715CEDFF268D71F1A3B7B5BA5DD2000:8 Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Signed-off-by: Michael-CY Lee --- include/linux/ieee80211.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index 3308e85..a23ec4c 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -2671,12 +2671,14 @@ ieee80211_he_oper_size(const u8 *he_oper_ie) static inline const struct ieee80211_he_6ghz_oper * ieee80211_he_6ghz_oper(const struct ieee80211_he_operation *he_oper) { - const u8 *ret = (const void *)&he_oper->optional; + const u8 *ret; u32 he_oper_params; if (!he_oper) return NULL; + ret = (const void *)&he_oper->optional; + he_oper_params = le32_to_cpu(he_oper->he_oper_params); if (!(he_oper_params & IEEE80211_HE_OPERATION_6GHZ_OP_INFO))