Commit f666c03b authored by Haowen Bai's avatar Haowen Bai Committed by Zhang Kunbo
Browse files

ipw2x00: Fix potential NULL dereference in libipw_xmit() 

stable inclusion
from stable-v4.19.247
commit 167affc11781d7d35c4c3a7630a549ac74dd0b21
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBP6MY
CVE: CVE-2022-49544

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=167affc11781d7d35c4c3a7630a549ac74dd0b21



--------------------------------

[ Upstream commit e8366bba ]

crypt and crypt->ops could be null, so we need to checking null
before dereference

Signed-off-by: default avatarHaowen Bai <baihaowen@meizu.com>
Signed-off-by: default avatarKalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1648797055-25730-1-git-send-email-baihaowen@meizu.com


Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarZhang Kunbo <zhangkunbo@huawei.com>
parent 3c67b39e

drivers/net/wireless/intel/ipw2x00/libipw_tx.c

+1 −1
Original line number Diff line number Diff line
@@ -397,7 +397,7 @@ netdev_tx_t libipw_xmit(struct sk_buff *skb, struct net_device *dev) 


		/* Each fragment may need to have room for encryption

		 * pre/postfix */

		if (host_encrypt)

		if (host_encrypt && crypt && crypt->ops)

			bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +

			    crypt->ops->extra_mpdu_postfix_len;