[PATCH 4.9 018/109] staging: rtl8188eu: avoid a null dereference on pmlmepriv

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Colin Ian King <colin.king@canonical.com>,
	Sasha Levin <alexander.levin@verizon.com>
Subject: [PATCH 4.9 018/109] staging: rtl8188eu: avoid a null dereference on pmlmepriv
Date: Thu,  7 Dec 2017 13:56:02 +0100	[thread overview]
Message-ID: <20171207125636.802406257@linuxfoundation.org> (raw)
In-Reply-To: <20171207125634.631485452@linuxfoundation.org>

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Colin Ian King <colin.king@canonical.com>


[ Upstream commit 123c0aab0050cd0e07ce18e453389fbbb0a5a425 ]

There is a check on pmlmepriv before dereferencing it when
vfree'ing pmlmepriv->free_bss_buf however the previous call
to rtw_free_mlme_priv_ie_data deferences pmlmepriv causing
a null pointer deference if it is null.  Avoid this by also
calling rtw_free_mlme_priv_ie_data if the pointer is non-null.

Detected by CoverityScan, CID#1230262 ("Dereference before null check")
Fixes: 7b464c9fa5cc ("staging: r8188eu: Add files for new driver - part 4")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/staging/rtl8188eu/core/rtw_mlme.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/staging/rtl8188eu/core/rtw_mlme.c
+++ b/drivers/staging/rtl8188eu/core/rtw_mlme.c
@@ -107,10 +107,10 @@ void rtw_free_mlme_priv_ie_data(struct m
 
 void rtw_free_mlme_priv(struct mlme_priv *pmlmepriv)
 {
-	rtw_free_mlme_priv_ie_data(pmlmepriv);
-
-	if (pmlmepriv)
+	if (pmlmepriv) {
+		rtw_free_mlme_priv_ie_data(pmlmepriv);
 		vfree(pmlmepriv->free_bss_buf);
+	}
 }
 
 struct wlan_network *_rtw_alloc_network(struct mlme_priv *pmlmepriv)

next prev parent reply	other threads:[~2017-12-07 12:58 UTC|newest]

Thread overview: 120+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-07 12:55 [PATCH 4.9 000/109] 4.9.68-stable review Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 001/109] bcache: only permit to recovery read error when cache device is clean Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 002/109] bcache: recover data from backing when data " Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 003/109] drm/fsl-dcu: avoid disabling pixel clock twice on suspend Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 004/109] drm/fsl-dcu: enable IRQ before drm_atomic_helper_resume() Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 006/109] mm, oom_reaper: gather each vma to prevent leaking TLB entry Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 007/109] uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 008/109] usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 009/109] serial: 8250_pci: Add Amazon PCI serial device ID Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 010/109] s390/runtime instrumentation: simplify task exit handling Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 011/109] USB: serial: option: add Quectel BG96 id Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 012/109] ima: fix hash algorithm initialization Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 013/109] s390/pci: do not require AIS facility Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 014/109] selftests/x86/ldt_get: Add a few additional tests for limits Greg Kroah-Hartman
2017-12-07 12:55 ` [PATCH 4.9 015/109] staging: greybus: loopback: Fix iteration count on async path Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 016/109] m68k: fix ColdFire node shift size calculation Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 017/109] serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() Greg Kroah-Hartman
2017-12-07 12:56 ` Greg Kroah-Hartman [this message]
2017-12-07 12:56 ` [PATCH 4.9 019/109] spi: sh-msiof: Fix DMA transfer size check Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 020/109] spi: spi-axi: fix potential use-after-free after deregistration Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 021/109] mmc: sdhci-msm: fix issue with power irq Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 022/109] usb: dwc2: Fix UDC state tracking Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 023/109] usb: dwc2: Error out of dwc2_hsotg_ep_disable() if were in host mode Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 024/109] usb: phy: tahvo: fix error handling in tahvo_usb_probe() Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 025/109] serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 026/109] x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 027/109] EDAC, sb_edac: Fix missing break in switch Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 028/109] sysrq : fix Show Regs call trace on ARM Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 029/109] usbip: tools: Install all headers needed for libusbip development Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 030/109] perf test attr: Fix ignored test case result Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 031/109] kprobes/x86: Disable preemption in ftrace-based jprobes Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 034/109] dax: Avoid page invalidation races and unnecessary radix tree traversals Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 035/109] net/mlx4_en: Fix type mismatch for 32-bit systems Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 036/109] l2tp: take remote address into account in l2tp_ip and l2tp_ip6 socket lookups Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 037/109] dmaengine: stm32-dma: Set correct args number for DMA request from DT Greg Kroah-Hartman
2017-12-07 13:03   ` Ludovic BARRE
2017-12-07 13:14     ` Pierre Yves MORDRET
2017-12-07 13:50       ` Greg Kroah-Hartman
2017-12-07 14:04         ` Pierre Yves MORDRET
2017-12-07 15:40           ` alexander.levin
2017-12-07 16:49             ` Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 038/109] dmaengine: stm32-dma: Fix null pointer dereference in stm32_dma_tx_status Greg Kroah-Hartman
2017-12-07 13:04   ` Ludovic BARRE
2017-12-07 13:18     ` Ludovic BARRE
2017-12-07 13:26       ` Pierre Yves MORDRET
2017-12-07 13:41       ` Pierre Yves MORDRET
2017-12-07 14:00         ` Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 039/109] usb: gadget: f_fs: Fix ExtCompat descriptor validation Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 040/109] libcxgb: fix error check for ip6_route_output() Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 041/109] net: systemport: Utilize skb_put_padto() Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 042/109] net: systemport: Pad packet before inserting TSB Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 043/109] ARM: OMAP2+: Fix WL1283 Bluetooth Baud Rate Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 044/109] ARM: OMAP1: DMA: Correct the number of logical channels Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 045/109] vti6: fix device register to report IFLA_INFO_KIND Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 046/109] be2net: fix accesses to unicast list Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 047/109] be2net: fix unicast list filling Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 048/109] net/appletalk: Fix kernel memory disclosure Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 049/109] libfs: Modify mount_pseudo_xattr to be clear it is not a userspace mount Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 050/109] net: qrtr: Mark buf as little endian Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 051/109] mm: fix remote numa hits statistics Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 052/109] mac80211: calculate min channel width correctly Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 053/109] ravb: Remove Rx overflow log messages Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 054/109] nfs: Dont take a reference on fl->fl_file for LOCK operation Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 055/109] drm/exynos/decon5433: update shadow registers iff there are active windows Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 056/109] drm/exynos/decon5433: set STANDALONE_UPDATE_F also if planes are disabled Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 057/109] KVM: arm/arm64: Fix occasional warning from the timer work function Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 058/109] mac80211: prevent skb/txq mismatch Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 059/109] NFSv4: Fix client recovery when server reboots multiple times Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 060/109] perf/x86/intel: Account interrupts for PEBS errors Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 061/109] powerpc/mm: Fix memory hotplug BUG() on radix Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 062/109] qla2xxx: Fix wrong IOCB type assumption Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 064/109] drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 065/109] net: sctp: fix array overrun read on sctp_timer_tbl Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 066/109] x86/fpu: Set the xcomp_bv when we fake up a XSAVES area Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 068/109] mac80211: dont try to sleep in rate_control_rate_init() Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 069/109] RDMA/qedr: Return success when not changing QP state Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 070/109] RDMA/qedr: Fix RDMA CM loopback Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 071/109] tipc: fix nametbl_lock soft lockup at module exit Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 072/109] tipc: fix cleanup at module unload Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 073/109] dmaengine: pl330: fix double lock Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 074/109] tcp: correct memory barrier usage in tcp_check_space() Greg Kroah-Hartman
2017-12-07 12:56 ` [PATCH 4.9 075/109] i2c: i2c-cadence: Initialize configuration before probing devices Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 076/109] nvmet: cancel fatal error and flush async work before free controller Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 077/109] gtp: clear DF bit on GTP packet tx Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 078/109] gtp: fix cross netns recv on gtp socket Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 079/109] net: phy: micrel: KSZ8795 do not set SUPPORTED_[Asym_]Pause Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 081/109] be2net: fix initial MAC setting Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 082/109] vfio/spapr: Fix missing mutex unlock when creating a window Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 083/109] mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 084/109] xen-netfront: Improve error handling during initialization Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 085/109] [media] cec: initiator should be the same as the destination for, poll Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 086/109] xen-netback: vif counters from int/long to u64 Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 087/109] net: fec: fix multicast filtering hardware setup Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 088/109] dma-buf/dma-fence: Extract __dma_fence_is_later() Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 089/109] dma-buf/sw-sync: Fix the is-signaled test to handle u32 wraparound Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 090/109] dma-buf/sw-sync: Prevent user overflow on timeline advance Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 091/109] dma-buf/sw-sync: Reduce irqsave/irqrestore from known context Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 092/109] dma-buf/sw-sync: sync_pt is private and of fixed size Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 093/109] dma-buf/sw-sync: Fix locking around sync_timeline lists Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 094/109] dma-buf/sw-sync: Use an rbtree to sort fences in the timeline Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 095/109] dma-buf/sw_sync: move timeline_fence_ops around Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 096/109] dma-buf/sw_sync: clean up list before signaling the fence Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 097/109] dma-fence: Clear fence->status during dma_fence_init() Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 098/109] dma-fence: Wrap querying the fence->status Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 099/109] dma-fence: Introduce drm_fence_set_error() helper Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 100/109] dma-buf/sw_sync: force signal all unsignaled fences on dying timeline Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 101/109] dma-buf/sync_file: hold reference to fence when creating sync_file Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 102/109] dma-buf: Update kerneldoc for sync_file_create Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 103/109] usb: hub: Cycle HUB power when initialization fails Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 104/109] usb: xhci: fix panic in xhci_free_virt_devices_depth_first Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 105/109] USB: core: Add type-specific length check of BOS descriptors Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 106/109] USB: Increase usbfs transfer limit Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 107/109] USB: devio: Prevent integer overflow in proc_do_submiturb() Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 108/109] USB: usbfs: Filter flags passed in from user space Greg Kroah-Hartman
2017-12-07 12:57 ` [PATCH 4.9 109/109] usb: host: fix incorrect updating of offset Greg Kroah-Hartman
2017-12-07 20:55 ` [PATCH 4.9 000/109] 4.9.68-stable review Guenter Roeck
2017-12-08  0:07 ` Shuah Khan
2017-12-08  5:35 ` Naresh Kamboju
2017-12-08 13:58   ` Greg Kroah-Hartman
2017-12-08 14:04     ` Milosz Wasilewski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171207125636.802406257@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=alexander.levin@verizon.com \
    --cc=colin.king@canonical.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).