|
@@ -4275,6 +4275,14 @@ static int rtw_rsn_sync_pmkid(_adapter *adapter, u8 *ie, uint ie_len, int i_ent)
|
|
|
if (i_ent >= 0) {
|
|
if (i_ent >= 0) {
|
|
|
RTW_INFO(FUNC_ADPT_FMT" append PMKID:"KEY_FMT"\n"
|
|
RTW_INFO(FUNC_ADPT_FMT" append PMKID:"KEY_FMT"\n"
|
|
|
, FUNC_ADPT_ARG(adapter), KEY_ARG(sec->PMKIDList[i_ent].PMKID));
|
|
, FUNC_ADPT_ARG(adapter), KEY_ARG(sec->PMKIDList[i_ent].PMKID));
|
|
|
|
|
+ if (!info.pmkid_list) {
|
|
|
|
|
+ /* prevent nullptr dereference when trying to insert a PMKID into
|
|
|
|
|
+ * a frame that did not previously contain one. In order to be minimally
|
|
|
|
|
+ * invasive, we just discard requests like these, which might impact
|
|
|
|
|
+ * the ability to connect to certain access points, but will at least
|
|
|
|
|
+ * prevent the kernel panics */
|
|
|
|
|
+ return 0;
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
info.pmkid_cnt = 1; /* update new pmkid_cnt */
|
|
info.pmkid_cnt = 1; /* update new pmkid_cnt */
|
|
|
_rtw_memcpy(info.pmkid_list, sec->PMKIDList[i_ent].PMKID, 16);
|
|
_rtw_memcpy(info.pmkid_list, sec->PMKIDList[i_ent].PMKID, 16);
|
Tomás Pinho