diff options
author | Dan Carpenter <error27@gmail.com> | 2011-06-24 16:33:35 +0300 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2011-06-27 15:09:42 -0400 |
commit | a5e5aa6cee4cdb967a1f1c33a31165062783ccea (patch) | |
tree | c3e36575ff7495c5a70a567d7d4272acafc466ec | |
parent | f6b4e4d476b890e1ddebbed8ec4924f9c2750a31 (diff) |
mwifiex: restore handling of NULL parameters
Prior to a5ffddb70c5cab "mwifiex: remove casts of void pointers" the
code assumed that the data_buf parameter could be a NULL pointer.
The patch preserved some NULL checks but not consistently, so there
was a potential for NULL dereferences and it changed the behavior.
This patch restores the original behavior.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r-- | drivers/net/wireless/mwifiex/sta_cmd.c | 2 | ||||
-rw-r--r-- | drivers/net/wireless/mwifiex/sta_cmdresp.c | 29 |
2 files changed, 18 insertions, 13 deletions
diff --git a/drivers/net/wireless/mwifiex/sta_cmd.c b/drivers/net/wireless/mwifiex/sta_cmd.c index d85a0a60aa6a..49b9c1309f7a 100644 --- a/drivers/net/wireless/mwifiex/sta_cmd.c +++ b/drivers/net/wireless/mwifiex/sta_cmd.c @@ -779,6 +779,8 @@ static int mwifiex_cmd_ibss_coalescing_status(struct host_cmd_ds_command *cmd, case HostCmd_ACT_GEN_SET: if (enable) ibss_coal->enable = cpu_to_le16(*enable); + else + ibss_coal->enable = 0; break; /* In other case.. Nothing to do */ diff --git a/drivers/net/wireless/mwifiex/sta_cmdresp.c b/drivers/net/wireless/mwifiex/sta_cmdresp.c index ad64c87b91d6..6804239d87bd 100644 --- a/drivers/net/wireless/mwifiex/sta_cmdresp.c +++ b/drivers/net/wireless/mwifiex/sta_cmdresp.c @@ -183,30 +183,32 @@ static int mwifiex_ret_802_11_rssi_info(struct mwifiex_private *priv, */ static int mwifiex_ret_802_11_snmp_mib(struct mwifiex_private *priv, struct host_cmd_ds_command *resp, - u32 *ul_temp) + u32 *data_buf) { struct host_cmd_ds_802_11_snmp_mib *smib = &resp->params.smib; u16 oid = le16_to_cpu(smib->oid); u16 query_type = le16_to_cpu(smib->query_type); + u32 ul_temp; dev_dbg(priv->adapter->dev, "info: SNMP_RESP: oid value = %#x," " query_type = %#x, buf size = %#x\n", oid, query_type, le16_to_cpu(smib->buf_size)); if (query_type == HostCmd_ACT_GEN_GET) { - if (ul_temp) - *ul_temp = le16_to_cpu(*((__le16 *) (smib->value))); + ul_temp = le16_to_cpu(*((__le16 *) (smib->value))); + if (data_buf) + *data_buf = ul_temp; switch (oid) { case FRAG_THRESH_I: dev_dbg(priv->adapter->dev, - "info: SNMP_RESP: FragThsd =%u\n", *ul_temp); + "info: SNMP_RESP: FragThsd =%u\n", ul_temp); break; case RTS_THRESH_I: dev_dbg(priv->adapter->dev, - "info: SNMP_RESP: RTSThsd =%u\n", *ul_temp); + "info: SNMP_RESP: RTSThsd =%u\n", ul_temp); break; case SHORT_RETRY_LIM_I: dev_dbg(priv->adapter->dev, - "info: SNMP_RESP: TxRetryCount=%u\n", *ul_temp); + "info: SNMP_RESP: TxRetryCount=%u\n", ul_temp); break; default: break; @@ -622,22 +624,23 @@ static int mwifiex_ret_802_11d_domain_info(struct mwifiex_private *priv, */ static int mwifiex_ret_802_11_rf_channel(struct mwifiex_private *priv, struct host_cmd_ds_command *resp, - u16 *new_channel) + u16 *data_buf) { struct host_cmd_ds_802_11_rf_channel *rf_channel = &resp->params.rf_channel; + u16 new_channel = le16_to_cpu(rf_channel->current_channel); - if (new_channel) - *new_channel = le16_to_cpu(rf_channel->current_channel); - - if (priv->curr_bss_params.bss_descriptor.channel != *new_channel) { + if (priv->curr_bss_params.bss_descriptor.channel != new_channel) { dev_dbg(priv->adapter->dev, "cmd: Channel Switch: %d to %d\n", priv->curr_bss_params.bss_descriptor.channel, - *new_channel); + new_channel); /* Update the channel again */ - priv->curr_bss_params.bss_descriptor.channel = *new_channel; + priv->curr_bss_params.bss_descriptor.channel = new_channel; } + if (data_buf) + *data_buf = new_channel; + return 0; } |