Date: Sun, 16 Sep 2012 22:45:00 +0000 (UTC) From: Adrian Chadd <adrian@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r240574 - head/sys/net80211 Message-ID: <201209162245.q8GMj0Ig098522@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: adrian Date: Sun Sep 16 22:45:00 2012 New Revision: 240574 URL: http://svn.freebsd.org/changeset/base/240574 Log: Fix a crash bug introduced in the iterate node work recently done. When resuming, the first VAP is checked for max_aid; however if there is no VAP, this results in a NULL pointer dereference and kernel panic. Modified: head/sys/net80211/ieee80211_node.c Modified: head/sys/net80211/ieee80211_node.c ============================================================================== --- head/sys/net80211/ieee80211_node.c Sun Sep 16 21:17:28 2012 (r240573) +++ head/sys/net80211/ieee80211_node.c Sun Sep 16 22:45:00 2012 (r240574) @@ -2245,8 +2245,16 @@ ieee80211_iterate_nodes(struct ieee80211 size_t size; int i; uint16_t max_aid; + struct ieee80211vap *vap; + + /* Overdoing it default */ + max_aid = IEEE80211_AID_MAX; + + /* Handle the case of there being no vaps just yet */ + vap = TAILQ_FIRST(&nt->nt_ic->ic_vaps); + if (vap != NULL) + max_aid = vap->iv_max_aid; - max_aid = TAILQ_FIRST(&nt->nt_ic->ic_vaps)->iv_max_aid; size = max_aid * sizeof(struct ieee80211_node *); ni_arr = (struct ieee80211_node **) malloc(size, M_80211_NODE, M_NOWAIT | M_ZERO);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209162245.q8GMj0Ig098522>