Author: cokane
Date: Wed Sep 30 14:28:38 2009
New Revision: 197644
URL: http://svn.freebsd.org/changeset/base/197644

Log:
  Correct a bug that could lead to a kernel panic if a user attempted to
  perform 802.11 operations directly on the ndis0 interface before the
  first VAP (wlan0) had been created. This would lead to a NULL-pointer
  dereference in the kernel.
  
  Submitted by: Paul B. Mahol <one...@gmail.com>
  MFC after:    3 days

Modified:
  head/sys/dev/if_ndis/if_ndis.c

Modified: head/sys/dev/if_ndis/if_ndis.c
==============================================================================
--- head/sys/dev/if_ndis/if_ndis.c      Wed Sep 30 13:26:31 2009        
(r197643)
+++ head/sys/dev/if_ndis/if_ndis.c      Wed Sep 30 14:28:38 2009        
(r197644)
@@ -1534,7 +1534,7 @@ ndis_inputtask(dobj, arg)
                if (m == NULL)
                        break;
                KeReleaseSpinLock(&sc->ndis_rxlock, irql);
-               if (sc->ndis_80211)
+               if (sc->ndis_80211 && vap)
                        vap->iv_deliver_data(vap, vap->iv_bss, m);
                else
                        (*ifp->if_input)(ifp, m);
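Review bot: With the added `&& vap` condition, a frame received while `sc->ndis_80211` is set but no VAP exists no longer panics, but it is now handed to `(*ifp->if_input)(ifp, m)` on the parent interface instead of being dropped; whether the parent's input routine is prepared for frames arriving in 802.11 mode is not visible here. If it is not, an `else if (sc->ndis_80211) m_freem(m);` arm (or an equivalent drop with a counter) would be the safer no-VAP behaviour, since the only goal of the change is to avoid dereferencing a NULL `vap`. Where `vap` is assigned lies outside the hunk, and ndis_inputtask's body continues on both sides of it.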
@@ -1746,7 +1746,7 @@ ndis_ticktask(d, xsc)
            sc->ndis_sts == NDIS_STATUS_MEDIA_CONNECT) {
                sc->ndis_link = 1;
                NDIS_UNLOCK(sc);
-               if (sc->ndis_80211) {
+               if (sc->ndis_80211 && vap) {
                        ndis_getstate_80211(sc);
                        ieee80211_new_state(vap, IEEE80211_S_RUN, -1);
                }
@@ -1758,7 +1758,7 @@ ndis_ticktask(d, xsc)
            sc->ndis_sts == NDIS_STATUS_MEDIA_DISCONNECT) {
                sc->ndis_link = 0;
                NDIS_UNLOCK(sc);
-               if (sc->ndis_80211)
+               if (sc->ndis_80211 && vap)
                        ieee80211_new_state(vap, IEEE80211_S_SCAN, 0);
                NDIS_LOCK(sc);
                if_link_state_change(sc->ifp, LINK_STATE_DOWN);
@@ -2047,9 +2047,6 @@ ndis_init(xsc)
        /* Setup task offload. */
        ndis_set_offload(sc);
 
-       if (sc->ndis_80211)
-               ndis_setstate_80211(sc);
-
        NDIS_LOCK(sc);
 
        sc->ndis_txidx = 0;
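Review bot: Dropping the `ndis_setstate_80211(sc)` call from ndis_init goes further than the NULL guards in the other hunks: after this change, initialising the interface no longer pushes any 802.11 state to the device at all, and nothing in the diff says where that now happens (presumably a VAP creation or newstate path outside the hunk). A one-line comment at this spot would spare the next reader from re-adding the call, e.g. `/* No 802.11 state is pushed here: a VAP may not exist yet; the VAP's own state path does it. */`, adjusted to name the actual path. ndis_init starts and ends outside the hunk.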
@@ -2297,8 +2294,6 @@ ndis_setstate_80211(sc)
        ifp = sc->ifp;
        ic = ifp->if_l2com;
        vap = TAILQ_FIRST(&ic->ic_vaps);
-       if (vap == NULL)
-               return;
 
        if (!NDIS_INITIALIZED(sc)) {
                DPRINTF(("%s: NDIS not initialized\n", __func__));
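Review bot: Removing the `if (vap == NULL) return;` guard from ndis_setstate_80211 (and likewise from ndis_getstate_80211 in the following hunk, where `ni = vap->iv_bss;` dereferences `vap` immediately) moves the NULL check out of the callee and into the callers shown in the earlier hunks; any other caller of these two functions that is not in this diff now dereferences a NULL `vap` unconditionally, which is the same class of panic the commit sets out to fix. Keeping a cheap guard in the callee costs nothing and does not conflict with the caller-side checks, e.g. `if (vap == NULL) { DPRINTF(("%s: no vap\n", __func__)); return; }`, or at minimum a `KASSERT(vap != NULL, ("%s: no vap", __func__));` so the invariant is stated where it is relied on. Both functions continue past the end of their hunks, so other early-return paths may exist that are not visible here.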
@@ -2730,8 +2725,6 @@ ndis_getstate_80211(sc)
        ifp = sc->ifp;
        ic = ifp->if_l2com;
        vap = TAILQ_FIRST(&ic->ic_vaps);
-       if (vap == NULL)
-               return;
        ni = vap->iv_bss;
 
        if (!NDIS_INITIALIZED(sc))