From fbff868db3a4cc6a89d51da9a6d49b26c29d04fb Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jkmaline@cc.hut.fi>
Date: Sun, 28 Aug 2005 17:53:32 -0700
Subject: [PATCH] [PATCH] hostap: Fix null pointer dereference in
 prism2_pccard_card_present()

local->hw_priv was initialized only after the interrupt handler was
registered. This could trigger a NULL pointer dereference in
prism2_pccard_card_present() that assumed that local->hw_priv is always
set (and it should have been). Fix this by setting local->hw_priv before
registering the interrupt handler.

Signed-off-by: Jouni Malinen <jkmaline@cc.hut.fi>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
---
 drivers/net/wireless/hostap/hostap_cs.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/drivers/net/wireless/hostap/hostap_cs.c b/drivers/net/wireless/hostap/hostap_cs.c
index e1f1eb8e484a7..faa83badf0a1b 100644
--- a/drivers/net/wireless/hostap/hostap_cs.c
+++ b/drivers/net/wireless/hostap/hostap_cs.c
@@ -772,6 +772,13 @@ static int prism2_config(dev_link_t *link)
 		goto failed;
 	link->priv = dev;
 
+	iface = netdev_priv(dev);
+	local = iface->local;
+	local->hw_priv = hw_priv;
+	hw_priv->link = link;
+	strcpy(hw_priv->node.dev_name, dev->name);
+	link->dev = &hw_priv->node;
+
 	/*
 	 * Allocate an interrupt line.  Note that this does not assign a
 	 * handler to the interrupt, unless the 'Handler' member of the
@@ -817,13 +824,6 @@ static int prism2_config(dev_link_t *link)
 	link->state |= DEV_CONFIG;
 	link->state &= ~DEV_CONFIG_PENDING;
 
-	iface = netdev_priv(dev);
-	local = iface->local;
-	local->hw_priv = hw_priv;
-	hw_priv->link = link;
-	strcpy(hw_priv->node.dev_name, dev->name);
-	link->dev = &hw_priv->node;
-
 	local->shutdown = 0;
 
 	sandisk_enable_wireless(dev);
-- 
GitLab