Commit a5e5aa6c authored by Dan Carpenter's avatar Dan Carpenter Committed by John W. Linville

mwifiex: restore handling of NULL parameters

Prior to a5ffddb7 "mwifiex: remove casts of void pointers" the
code assumed that the data_buf parameter could be a NULL pointer.
The patch preserved some NULL checks but not consistently, so there
was a potential for NULL dereferences and it changed the behavior.
This patch restores the original behavior.
Signed-off-by: default avatarDan Carpenter <error27@gmail.com>
Acked-by: default avatarBing Zhao <bzhao@marvell.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent f6b4e4d4
...@@ -779,6 +779,8 @@ static int mwifiex_cmd_ibss_coalescing_status(struct host_cmd_ds_command *cmd, ...@@ -779,6 +779,8 @@ static int mwifiex_cmd_ibss_coalescing_status(struct host_cmd_ds_command *cmd,
case HostCmd_ACT_GEN_SET: case HostCmd_ACT_GEN_SET:
if (enable) if (enable)
ibss_coal->enable = cpu_to_le16(*enable); ibss_coal->enable = cpu_to_le16(*enable);
else
ibss_coal->enable = 0;
break; break;
/* In other case.. Nothing to do */ /* In other case.. Nothing to do */
......
...@@ -183,30 +183,32 @@ static int mwifiex_ret_802_11_rssi_info(struct mwifiex_private *priv, ...@@ -183,30 +183,32 @@ static int mwifiex_ret_802_11_rssi_info(struct mwifiex_private *priv,
*/ */
static int mwifiex_ret_802_11_snmp_mib(struct mwifiex_private *priv, static int mwifiex_ret_802_11_snmp_mib(struct mwifiex_private *priv,
struct host_cmd_ds_command *resp, struct host_cmd_ds_command *resp,
u32 *ul_temp) u32 *data_buf)
{ {
struct host_cmd_ds_802_11_snmp_mib *smib = &resp->params.smib; struct host_cmd_ds_802_11_snmp_mib *smib = &resp->params.smib;
u16 oid = le16_to_cpu(smib->oid); u16 oid = le16_to_cpu(smib->oid);
u16 query_type = le16_to_cpu(smib->query_type); u16 query_type = le16_to_cpu(smib->query_type);
u32 ul_temp;
dev_dbg(priv->adapter->dev, "info: SNMP_RESP: oid value = %#x," dev_dbg(priv->adapter->dev, "info: SNMP_RESP: oid value = %#x,"
" query_type = %#x, buf size = %#x\n", " query_type = %#x, buf size = %#x\n",
oid, query_type, le16_to_cpu(smib->buf_size)); oid, query_type, le16_to_cpu(smib->buf_size));
if (query_type == HostCmd_ACT_GEN_GET) { if (query_type == HostCmd_ACT_GEN_GET) {
if (ul_temp) ul_temp = le16_to_cpu(*((__le16 *) (smib->value)));
*ul_temp = le16_to_cpu(*((__le16 *) (smib->value))); if (data_buf)
*data_buf = ul_temp;
switch (oid) { switch (oid) {
case FRAG_THRESH_I: case FRAG_THRESH_I:
dev_dbg(priv->adapter->dev, dev_dbg(priv->adapter->dev,
"info: SNMP_RESP: FragThsd =%u\n", *ul_temp); "info: SNMP_RESP: FragThsd =%u\n", ul_temp);
break; break;
case RTS_THRESH_I: case RTS_THRESH_I:
dev_dbg(priv->adapter->dev, dev_dbg(priv->adapter->dev,
"info: SNMP_RESP: RTSThsd =%u\n", *ul_temp); "info: SNMP_RESP: RTSThsd =%u\n", ul_temp);
break; break;
case SHORT_RETRY_LIM_I: case SHORT_RETRY_LIM_I:
dev_dbg(priv->adapter->dev, dev_dbg(priv->adapter->dev,
"info: SNMP_RESP: TxRetryCount=%u\n", *ul_temp); "info: SNMP_RESP: TxRetryCount=%u\n", ul_temp);
break; break;
default: default:
break; break;
...@@ -622,22 +624,23 @@ static int mwifiex_ret_802_11d_domain_info(struct mwifiex_private *priv, ...@@ -622,22 +624,23 @@ static int mwifiex_ret_802_11d_domain_info(struct mwifiex_private *priv,
*/ */
static int mwifiex_ret_802_11_rf_channel(struct mwifiex_private *priv, static int mwifiex_ret_802_11_rf_channel(struct mwifiex_private *priv,
struct host_cmd_ds_command *resp, struct host_cmd_ds_command *resp,
u16 *new_channel) u16 *data_buf)
{ {
struct host_cmd_ds_802_11_rf_channel *rf_channel = struct host_cmd_ds_802_11_rf_channel *rf_channel =
&resp->params.rf_channel; &resp->params.rf_channel;
u16 new_channel = le16_to_cpu(rf_channel->current_channel);
if (new_channel) if (priv->curr_bss_params.bss_descriptor.channel != new_channel) {
*new_channel = le16_to_cpu(rf_channel->current_channel);
if (priv->curr_bss_params.bss_descriptor.channel != *new_channel) {
dev_dbg(priv->adapter->dev, "cmd: Channel Switch: %d to %d\n", dev_dbg(priv->adapter->dev, "cmd: Channel Switch: %d to %d\n",
priv->curr_bss_params.bss_descriptor.channel, priv->curr_bss_params.bss_descriptor.channel,
*new_channel); new_channel);
/* Update the channel again */ /* Update the channel again */
priv->curr_bss_params.bss_descriptor.channel = *new_channel; priv->curr_bss_params.bss_descriptor.channel = new_channel;
} }
if (data_buf)
*data_buf = new_channel;
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment