svn commit: r197644 - head/sys/dev/if_ndis
Coleman Kane
cokane at FreeBSD.org
Wed Sep 30 14:28:39 UTC 2009
Author: cokane
Date: Wed Sep 30 14:28:38 2009
New Revision: 197644
URL: http://svn.freebsd.org/changeset/base/197644
Log:
Correct a bug that could lead to a kernel panic if a user attempted to
perform 802.11 operations directly on the ndis0 interface before the
first VAP (wlan0) had been created. This would lead to a NULL-pointer
dereference in the kernel.
Submitted by: Paul B. Mahol <onemda at gmail.com>
MFC after: 3 days
Modified:
head/sys/dev/if_ndis/if_ndis.c
Modified: head/sys/dev/if_ndis/if_ndis.c
==============================================================================
--- head/sys/dev/if_ndis/if_ndis.c Wed Sep 30 13:26:31 2009 (r197643)
+++ head/sys/dev/if_ndis/if_ndis.c Wed Sep 30 14:28:38 2009 (r197644)
@@ -1534,7 +1534,7 @@ ndis_inputtask(dobj, arg)
if (m == NULL)
break;
KeReleaseSpinLock(&sc->ndis_rxlock, irql);
- if (sc->ndis_80211)
+ if (sc->ndis_80211 && vap)
vap->iv_deliver_data(vap, vap->iv_bss, m);
else
(*ifp->if_input)(ifp, m);
@@ -1746,7 +1746,7 @@ ndis_ticktask(d, xsc)
sc->ndis_sts == NDIS_STATUS_MEDIA_CONNECT) {
sc->ndis_link = 1;
NDIS_UNLOCK(sc);
- if (sc->ndis_80211) {
+ if (sc->ndis_80211 && vap) {
ndis_getstate_80211(sc);
ieee80211_new_state(vap, IEEE80211_S_RUN, -1);
}
@@ -1758,7 +1758,7 @@ ndis_ticktask(d, xsc)
sc->ndis_sts == NDIS_STATUS_MEDIA_DISCONNECT) {
sc->ndis_link = 0;
NDIS_UNLOCK(sc);
- if (sc->ndis_80211)
+ if (sc->ndis_80211 && vap)
ieee80211_new_state(vap, IEEE80211_S_SCAN, 0);
NDIS_LOCK(sc);
if_link_state_change(sc->ifp, LINK_STATE_DOWN);
@@ -2047,9 +2047,6 @@ ndis_init(xsc)
/* Setup task offload. */
ndis_set_offload(sc);
- if (sc->ndis_80211)
- ndis_setstate_80211(sc);
-
NDIS_LOCK(sc);
sc->ndis_txidx = 0;
@@ -2297,8 +2294,6 @@ ndis_setstate_80211(sc)
ifp = sc->ifp;
ic = ifp->if_l2com;
vap = TAILQ_FIRST(&ic->ic_vaps);
- if (vap == NULL)
- return;
if (!NDIS_INITIALIZED(sc)) {
DPRINTF(("%s: NDIS not initialized\n", __func__));
@@ -2730,8 +2725,6 @@ ndis_getstate_80211(sc)
ifp = sc->ifp;
ic = ifp->if_l2com;
vap = TAILQ_FIRST(&ic->ic_vaps);
- if (vap == NULL)
- return;
ni = vap->iv_bss;
if (!NDIS_INITIALIZED(sc))
More information about the svn-src-head
mailing list