From: Johannes Berg <johannes.berg@intel.com>
Date: Mon, 18 Jul 2022 07:14:30 +0000 (+0200)
Subject: wifi: mac80211: fix NULL pointer deref with non-MLD STA
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=206c8c0680b15d2630900ca27eb971c5d25557e8;p=linux.git

wifi: mac80211: fix NULL pointer deref with non-MLD STA

If we have a non-MLD STA on an AP MLD, we crash while
adding the station. Fix that, in this case we need to
use the STA's address also on the link data structure.

Fixes: f36fe0a2df03 ("wifi: mac80211: fix up link station creation/insertion")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index fe6500b36953e..b0fdfc61b2f9d 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1854,10 +1854,15 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
 	    !sdata->u.mgd.associated)
 		return -EINVAL;
 
+	/*
+	 * If we have a link ID, it can be a non-MLO station on an AP MLD,
+	 * but we need to have a link_mac in that case as well, so use the
+	 * STA's MAC address in that case.
+	 */
 	if (params->link_sta_params.link_id >= 0)
 		sta = sta_info_alloc_with_link(sdata, mac,
 					       params->link_sta_params.link_id,
-					       params->link_sta_params.link_mac,
+					       params->link_sta_params.link_mac ?: mac,
 					       GFP_KERNEL);
 	else
 		sta = sta_info_alloc(sdata, mac, GFP_KERNEL);