From: Jouni Malinen Date: Mon, 29 Aug 2005 00:53:32 +0000 (-0700) Subject: [PATCH] hostap: Fix null pointer dereference in prism2_pccard_card_present() X-Git-Tag: v2.6.14-rc1~1017^2~1 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fbff868db3a4cc6a89d51da9a6d49b26c29d04fb;p=linux-2.6 [PATCH] hostap: Fix null pointer dereference in prism2_pccard_card_present() local->hw_priv was initialized only after the interrupt handler was registered. This could trigger a NULL pointer dereference in prism2_pccard_card_present() that assumed that local->hw_priv is always set (and it should have been). Fix this by setting local->hw_priv before registering the interrupt handler. Signed-off-by: Jouni Malinen Signed-off-by: Jeff Garzik --- diff --git a/drivers/net/wireless/hostap/hostap_cs.c b/drivers/net/wireless/hostap/hostap_cs.c index e1f1eb8e48..faa83badf0 100644 --- a/drivers/net/wireless/hostap/hostap_cs.c +++ b/drivers/net/wireless/hostap/hostap_cs.c @@ -772,6 +772,13 @@ static int prism2_config(dev_link_t *link) goto failed; link->priv = dev; + iface = netdev_priv(dev); + local = iface->local; + local->hw_priv = hw_priv; + hw_priv->link = link; + strcpy(hw_priv->node.dev_name, dev->name); + link->dev = &hw_priv->node; + /* * Allocate an interrupt line. Note that this does not assign a * handler to the interrupt, unless the 'Handler' member of the @@ -817,13 +824,6 @@ static int prism2_config(dev_link_t *link) link->state |= DEV_CONFIG; link->state &= ~DEV_CONFIG_PENDING; - iface = netdev_priv(dev); - local = iface->local; - local->hw_priv = hw_priv; - hw_priv->link = link; - strcpy(hw_priv->node.dev_name, dev->name); - link->dev = &hw_priv->node; - local->shutdown = 0; sandisk_enable_wireless(dev);