From 653b77ac20aff3ed95ed5853f4705629ea0e5caf Mon Sep 17 00:00:00 2001 From: kimocoder Date: Sat, 1 Feb 2020 07:21:46 +0100 Subject: [PATCH] Add a simple check to prevent kernel panics from nullptr dereferences --- core/rtw_mlme.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/core/rtw_mlme.c b/core/rtw_mlme.c index a3567a2..8cc28c6 100644 --- a/core/rtw_mlme.c +++ b/core/rtw_mlme.c @@ -4315,6 +4315,14 @@ int rtw_rsn_sync_pmkid(_adapter *adapter, u8 *ie, uint ie_len, int i_ent) if (i_ent >= 0) { RTW_INFO(FUNC_ADPT_FMT" append PMKID:"KEY_FMT"\n" , FUNC_ADPT_ARG(adapter), KEY_ARG(sec->PMKIDList[i_ent].PMKID)); + if (!info.pmkid_list) { + /* prevent nullptr dereference when trying to insert a PMKID into + * a frame that did not previously contain one. In order to be minimally + * invasive, we just discard requests like these, which might impact + * the ability to connect to certain access points, but will at least + * prevent the kernel panics */ + return 0; + } info.pmkid_cnt = 1; /* update new pmkid_cnt */ _rtw_memcpy(info.pmkid_list, sec->PMKIDList[i_ent].PMKID, 16);