From 6112cb0910d29bbea4edf594609fe5e2fae426e0 Mon Sep 17 00:00:00 2001
From: stsp
Date: Mon, 11 Nov 2019 18:07:21 +0000
Subject: Prevent a NULL deref in ieee80211_node2req() which could be triggered by an ioctl if the driver had not yet initialized the channel map. Crash reported by nayden@ ok sthen@
---
sys/net80211/ieee80211_ioctl.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'sys/net80211')
diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c
index 2d6f8afbc11..9ddffff665a 100644
--- a/sys/net80211/ieee80211_ioctl.c
+++ b/sys/net80211/ieee80211_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_ioctl.c,v 1.76 2019/11/09 11:39:15 stsp Exp $ */
+/* $OpenBSD: ieee80211_ioctl.c,v 1.77 2019/11/11 18:07:21 stsp Exp $ */
 /* $NetBSD: ieee80211_ioctl.c,v 1.15 2004/05/06 02:58:16 dyoung Exp $ */
 /*-
@@ -74,7 +74,8 @@ ieee80211_node2req(struct ieee80211com *ic, const struct ieee80211_node *ni,
 /* Channel and rates */
 nr->nr_channel = ieee80211_chan2ieee(ic, ni->ni_chan);
- nr->nr_chan_flags = ni->ni_chan->ic_flags;
+ if (ni->ni_chan != IEEE80211_CHAN_ANYC)
+ nr->nr_chan_flags = ni->ni_chan->ic_flags;
 if (ic->ic_curmode != IEEE80211_MODE_11N)
 nr->nr_chan_flags &= ~IEEE80211_CHAN_HT;
 nr->nr_nrates = ni->ni_rates.rs_nrates;
--
cgit v1.2.3-59-g8ed1b
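Review bot: When `ni->ni_chan` is `IEEE80211_CHAN_ANYC`, the new guard in the second hunk skips the assignment, so `nr->nr_chan_flags` keeps whatever `nr` already held. The following `nr->nr_chan_flags &= ~IEEE80211_CHAN_HT` only clears one bit of that value, and only when the mode is not 11n. The start of ieee80211_node2req() is outside the hunk, so it is not visible whether `nr` is zeroed before this point; if it is not, the field presumably reaches the ioctl caller carrying stale or uninitialized kernel memory. An explicit fallback makes the result defined on both paths: add `else` followed by `nr->nr_chan_flags = 0;` after the guarded assignment. Any other `ni->ni_chan->` dereferences in the part of the function not shown here would need the same `IEEE80211_CHAN_ANYC` check.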