cfg80211: fix incorrect assumption on last_request for 11d

The incorrect assumption is the last regulatory request
(last_request) is always a country IE when processing
country IEs. Although this is true 99% of the time the
first time this happens this could not be true.

This fixes an oops in the branch check for the last_request
when accessing drv_last_ie. The access was done under the
assumption the struct won't be null.

Note to stable: to port to 29 replace as follows, only 29 has
country IE code:

s|NL80211_REGDOM_SET_BY_COUNTRY_IE|REGDOM_SET_BY_COUNTRY_IE

Cc: stable@kernel.org
Reported-by: Quentin Armitage <Quentin@armitage.org.uk>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index ead9dccb5475131454421fa39302e98f7627a854..9afc9168748b8695dfe4634e8ea80a7efc308877 100644 (file)
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1601,6 +1601,10 @@ static bool reg_same_country_ie_hint(struct wiphy *wiphy,
 
        assert_cfg80211_lock();
 
+       if (unlikely(last_request->initiator !=
+           NL80211_REGDOM_SET_BY_COUNTRY_IE))
+               return false;
+
        request_wiphy = wiphy_idx_to_wiphy(last_request->wiphy_idx);
 
        if (!request_wiphy)
@@ -1663,7 +1667,9 @@ void regulatory_hint_11d(struct wiphy *wiphy,
         * we optimize an early check to exit out early if we don't have to
         * do anything
         */
-       if (likely(wiphy_idx_valid(last_request->wiphy_idx))) {
+       if (likely(last_request->initiator ==
+           NL80211_REGDOM_SET_BY_COUNTRY_IE &&
+           wiphy_idx_valid(last_request->wiphy_idx))) {
                struct cfg80211_registered_device *drv_last_ie;
 
                drv_last_ie =