[OpenWrt-Devel] [PATCH] mac80211: fix NULL pointer crash in monitor frame injection TX path
Johan Almbladh
ja at anyfi.net
Thu Jan 29 08:06:05 EST 2015
This "patch to the patch" fixes a NULL pointer derefence crash in the new
intermediate software queues. The crash can be reproduced by injecting an
802.11 frame with a BSSID that does not belong to a configured vif. The
wperf tool (https://github.com/anyfi/wperf) may be convenient for doing
this.
Johan
---
...d-an-intermediate-software-queue-implemen.patch | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch b/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
index ce5d4dc..a9e95ff 100644
--- a/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
+++ b/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
@@ -384,7 +384,7 @@ Signed-off-by: Felix Fietkau <nbd at openwrt.org>
+ if (pubsta) {
+ u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
+ pubtxq = pubsta->txq[tid];
-+ } else {
++ } else if (vif) {
+ pubtxq = vif->txq;
+ }
+
--
1.7.9.5
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list