regulatory: fix restore_regulatory_settings
My commit 379b82f
("regulatory: pass new regdomain to reset function")
broke the restore_regulatory_settings() function due
to a logic change. Consider this change:

-	reset_regdomains(true);
-	cfg80211_regdomain = cfg80211_world_regdom;
+	reset_regdomains(true, cfg80211_world_regdom);

This looks innocent enough, until you realise that the
called function (reset_regdomains) also resets the
cfg80211_world_regdom pointer, so that the old version
of the code would use the new object it pointed to and
the new version of the code uses the old object. This
led to a double-free of this object.

Since reset_regdomains() sets it to &world_regdom, use
that directly.

Reported-by: Sujith Manoharan <sujith@msujith.org>
Tested-by: Sujith Manoharan <sujith@msujith.org>
Reported-by: Bob Copeland <me@bobcopeland.com>
Reported-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg committed Jan 9, 2013
1 parent 4a484cf commit 2d31986
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/wireless/reg.c
Expand Up @@ -1848,7 +1848,7 @@ static void restore_regulatory_settings(bool reset_user)
mutex_lock(&cfg80211_mutex);
mutex_lock(&reg_mutex);

reset_regdomains(true, cfg80211_world_regdom);
reset_regdomains(true, &world_regdom);
restore_alpha2(alpha2, reset_user);

/*
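Review bot: the call reset_regdomains(true, &world_regdom) in restore_regulatory_settings() carries no comment explaining why &world_regdom is passed instead of cfg80211_world_regdom, so a later cleanup could swap the global pointer back in and reintroduce the double-free the commit message describes. A short comment at this call site, or a note on reset_regdomains() stating that its second argument must not be a pointer the function itself resets, would make the constraint visible to the next reader. Since the commit message attributes the regression to 379b82f, the other call sites converted by that commit deserve a check for the same pattern of passing a global that the callee resets.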