From 206c8c0680b15d2630900ca27eb971c5d25557e8 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Mon, 18 Jul 2022 09:14:30 +0200 Subject: wifi: mac80211: fix NULL pointer deref with non-MLD STA If we have a non-MLD STA on an AP MLD, we crash while adding the station. Fix that, in this case we need to use the STA's address also on the link data structure. Fixes: f36fe0a2df03 ("wifi: mac80211: fix up link station creation/insertion") Signed-off-by: Johannes Berg --- net/mac80211/cfg.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index fe6500b36953..b0fdfc61b2f9 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -1854,10 +1854,15 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev, !sdata->u.mgd.associated) return -EINVAL; + /* + * If we have a link ID, it can be a non-MLO station on an AP MLD, + * but we need to have a link_mac in that case as well, so use the + * STA's MAC address in that case. + */ if (params->link_sta_params.link_id >= 0) sta = sta_info_alloc_with_link(sdata, mac, params->link_sta_params.link_id, - params->link_sta_params.link_mac, + params->link_sta_params.link_mac ?: mac, GFP_KERNEL); else sta = sta_info_alloc(sdata, mac, GFP_KERNEL); -- cgit v1.2.3