Prevent a NULL deref in ieee80211_node2req() which could be triggered

by an ioctl if the driver had not yet initialized the channel map. Crash reported by nayden@ ok sthen@
author: stsp <stsp@openbsd.org> 2019-11-11 18:07:21 +0000
committer: stsp <stsp@openbsd.org> 2019-11-11 18:07:21 +0000
commit: 6112cb0910d29bbea4edf594609fe5e2fae426e0 (patch)
tree: cee01c928658b17210f98d92d0cf99edd3efc803 /sys/net80211
parent: Kernel is missing propper input validation when configuring IPv6 (diff)
download: wireguard-openbsd-6112cb0910d29bbea4edf594609fe5e2fae426e0.tar.xz
wireguard-openbsd-6112cb0910d29bbea4edf594609fe5e2fae426e0.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c
index 2d6f8afbc11..9ddffff665a 100644
--- a/sys/net80211/ieee80211_ioctl.c
+++ b/sys/net80211/ieee80211_ioctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ieee80211_ioctl.c,v 1.76 2019/11/09 11:39:15 stsp Exp $	*/
+/*	$OpenBSD: ieee80211_ioctl.c,v 1.77 2019/11/11 18:07:21 stsp Exp $	*/
 /*	$NetBSD: ieee80211_ioctl.c,v 1.15 2004/05/06 02:58:16 dyoung Exp $	*/
 
 /*-
@@ -74,7 +74,8 @@ ieee80211_node2req(struct ieee80211com *ic, const struct ieee80211_node *ni,
 
 	/* Channel and rates */
 	nr->nr_channel = ieee80211_chan2ieee(ic, ni->ni_chan);
-	nr->nr_chan_flags = ni->ni_chan->ic_flags;
+	if (ni->ni_chan != IEEE80211_CHAN_ANYC)
+		nr->nr_chan_flags = ni->ni_chan->ic_flags;
 	if (ic->ic_curmode != IEEE80211_MODE_11N)
 		nr->nr_chan_flags &= ~IEEE80211_CHAN_HT;
 	nr->nr_nrates = ni->ni_rates.rs_nrates;
author	stsp <stsp@openbsd.org>	2019-11-11 18:07:21 +0000
committer	stsp <stsp@openbsd.org>	2019-11-11 18:07:21 +0000
commit	6112cb0910d29bbea4edf594609fe5e2fae426e0 (patch)
tree	cee01c928658b17210f98d92d0cf99edd3efc803 /sys/net80211
parent	Kernel is missing propper input validation when configuring IPv6 (diff)
download	wireguard-openbsd-6112cb0910d29bbea4edf594609fe5e2fae426e0.tar.xz wireguard-openbsd-6112cb0910d29bbea4edf594609fe5e2fae426e0.zip