mac80211: fix NULL pointer crash in monitor frame injection TX path

This "patch to the patch" fixes a NULL pointer derefence crash in the new
intermediate software queues. The crash can be reproduced by injecting an
802.11 frame with a BSSID that does not belong to a configured vif. The
wperf tool (https://github.com/anyfi/wperf) may be convenient for doing
this.

Signed-off-by: Johan Almbladh <ja@anyfi.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44220 3c298f89-4303-0410-b956-a3cf2f4a3e73

diff --git a/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch b/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
index ce5d4dc..a9e95ff 100644 (file)
--- a/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
+++ b/package/kernel/mac80211/patches/321-mac80211-add-an-intermediate-software-queue-implemen.patch
@@ -384,7 +384,7 @@ Signed-off-by: Felix Fietkau <nbd@openwrt.org>
 +      if (pubsta) {
 +              u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
 +              pubtxq = pubsta->txq[tid];
-+      } else {
++      } else if (vif) {
 +              pubtxq = vif->txq;
 +      }
 +